EP4174703B1 - Récupération de clé cryptographique - Google Patents
Récupération de clé cryptographique Download PDFInfo
- Publication number
- EP4174703B1 EP4174703B1 EP22201575.2A EP22201575A EP4174703B1 EP 4174703 B1 EP4174703 B1 EP 4174703B1 EP 22201575 A EP22201575 A EP 22201575A EP 4174703 B1 EP4174703 B1 EP 4174703B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- document
- cryptographic key
- computer system
- encrypted
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Definitions
- the invention relates to a method for recovering a cryptographic key for decrypting an encrypted digital document as well as to an issuer computer system and a system for recovering the cryptographic key.
- Physical documents such as certificates, comprise a document body, for example made of paper, on which they are issued, i.e. which is labelled with the data of the document.
- documents can easily be forged, for example with modern image processing programs and colour printers.
- the problem of a lack of forgery security arises in particular if, in addition to an original of the document, further copies such as copies, duplicates and copies are required.
- documents with labeled document bodies there is the difficulty that these or their data cannot be directly integrated into electronic data processing. If the data of the documents or their labels are simply scanned, the problem of a lack of protection against forgery arises, for example, because the scanned data can easily be changed. In addition, errors can occur during scanning.
- the US 2010/217987 A1 describes a document security management system for securely managing documents for users.
- the document management system includes a document store that provides a means for storing data files representing the documents.
- a key store stores a public key of one or more encryption key pairs, each of the encryption key pairs associated with one of the documents stored in the document store.
- Each document stored in the document store is encrypted with the public key of the encryption key pair associated with the document.
- a plurality of client terminals are operable to store and retrieve the documents from the document store for processing by a user.
- Each user is in possession of a digital certificate comprising a certificate key pair.
- the key store contains the private key of the encryption key pair encrypted with the public key of the certificate key pair associated with the user.
- the client terminal is operable with the private key of the certificate key pair in possession of a user.
- the client terminal is to decrypt the private key of the encryption key pair using the private key of the certificate key pair of a user and retrieve the encrypted document from the document storage and decrypt the document using the decrypted private key of the encryption key pair.
- the GB 2 446 173 A describes a key management method for data security.
- Data received by a data transmission device for security is encrypted using an encryption key and stored together with a encrypted copy of the decryption key required to decrypt the data is stored on a removable data storage device.
- the decryption key is encrypted using a public key generated by a trusted third party.
- the encrypted decryption key is provided to the trusted third party for decryption.
- the trusted third party verifies the user, decrypts the encrypted decryption key using the corresponding private key of the public key, and provides the decryption key to the user.
- the decryption key is then used to decrypt the encrypted backed up data.
- Embodiments include a method for recovering a first cryptographic key for decrypting an encrypted digital document by an issuer computer system of an issuer of the digital document.
- the digital document which is a digital copy of data from the physical document, is stored in encrypted form under a first anonymized file name on a server.
- a first copy of the first cryptographic key is also stored on the server in encrypted form under a second anonymized file name.
- the encrypted digital document can be decrypted using the first cryptographic key.
- the first copy of the first cryptographic key is encrypted with a second public cryptographic key of a second asymmetric key pair assigned to the issuer of the digital document.
- the second anonymized file name is calculated using a combination of personal attributes of the owner of the digital document to which a one-way function is applied.
- Embodiments can have the advantage of providing a secure method for restoring a cryptographic key with which a digital document provided on a server can be decrypted.
- the corresponding anonymized file name and the cryptographic key are provided, for example, in the form of a label on a document body of the physical document.
- the corresponding digital data of the digital document is are digital copies of the data of the physical document.
- the first and second anonymized file names may, for example, be different file names.
- the first and second anonymized file names are identical file names.
- the data of the physical document is stored on the server together with the first copy of the first cryptographic key.
- the first and/or second anonymized file names are, for example, a derivable file name, in particular a file name that can be derived using a one-way function.
- the first and/or second anonymized file names are, for example, a non-derivable file name, such as a random number.
- an issuer computer system is enabled to reconstruct the anonymized file name if the personal attributes of the holder of the digital document are available to it.
- the issuer computer system receives the corresponding personal attributes from the holder of the digital document.
- the corresponding personal attributes are made available to the issuer computer system by the holder of the digital document as part of a recovery request and/or a loss report about a loss of the physical document.
- the issuer of the physical document can supplement the combination of personal attributes with an issuer secret and other data necessary for calculating the anonymized file name.
- the corresponding additional data can, for example, be a document ID value, an issuer ID and/or a indication of a period in which the physical document and/or the digital document was issued.
- the issuing computer system establishes a connection via the network to the server on which the digital document is stored.
- the connection can be, for example, an encrypted connection, in particular an end-to-end encrypted connection.
- the issuing computer system can use the corresponding connection to send a read request to read an encrypted copy of the cryptographic key, which is stored on the server together with the digital document.
- the server can thus provide the second information required for accessing the data of the digital document in the form of a copy of the cryptographic key. key.
- the corresponding copy of the cryptographic key is encrypted with a public key of the issuer computer system.
- the issuer computer system can decrypt the encrypted cryptographic key and thus use it.
- the second anonymized file name determined by the issuer computer system is also necessary. Using the determined second anonymized file name, the issuer computer system can create a read request for the copy of the cryptographic key, which the server can use to identify the copy of the cryptographic key to be read. In response to a corresponding read request, the issuer computer system receives the encrypted copy of the cryptographic key, which the issuer computer system decrypts using its private cryptographic key. This ensures that only the issuer computer system is able to obtain the decrypted copy of the photographic key.
- Embodiments can have the advantage that a user of a physical document can be provided with a digital copy of the data of the corresponding physical document, i.e. a digital document, in addition to a physical document in a secure manner.
- the digital copy is, for example, a signed document, such as a signed PDF document.
- By encrypting the digital document its data, in particular personal data, can be protected against unauthorized access.
- Since the digital document is also stored under an anonymized file name, the file name cannot be used to determine its content, in particular personal data included in the digital document.
- the digital copy is provided in an uncomplicated manner for which a user only needs a minimal amount of hardware and software, for example.
- the physical document and user computer system can be provided with an option to access the server via a network, for example using HTTPS.
- the digital document can be stored in a publicly accessible portal for retrieval by the user of the physical document. This means that, for example, any holder of a physical document, such as a paper certificate, can be enabled to convert it into a digital document or to gain access to a digital copy of the corresponding physical document in the form of a digital document without having to install special software.
- decryption of the digital document requires possession of the physical document. This ensures that possession of the physical document is a prerequisite for making the digital document available. At the same time, it can be ensured that the data in the digital document can only be decrypted and thus read by the owner of the physical document. This means that personal data of the owner of the digital document, for example the user of the physical document, can be effectively protected from unauthorized access.
- the digital document is provided in encrypted form on a server. Due to the encryption, the data in the digital document on the server is protected from unauthorized access. Furthermore, access to the digital document requires knowledge of the file name under which the digital document is stored on the server.
- This file name is an anonymized file name.
- An anonymized file name is a file name that does not contain any data from the document in plain text. In particular, the file name does not contain any personal data of the owner of the digital document in plain text.
- the anonymized file name can, for example, be a random value or data from the digital document to which a one-way function has been applied.
- Two security mechanisms are therefore implemented to protect access to the digital document: Firstly, in order to access the digital document, knowledge of the anonymized file name under which the corresponding digital document is stored on the server is necessary. This file name is necessary to identify the digital document. Once the corresponding digital document has been identified, knowledge of the cryptographic key with which the encrypted data of the digital document can be decrypted is also necessary. Access to the digital document is only possible once the anonymized file name in combination with the cryptographic key is known.
- Embodiments therefore make it possible to issue a physical document and to immediately grant the recipient of the corresponding physical document access in a secure form to a digital copy of the data of a physical document, ie a digital document, using a user computer system.
- This data is, for example, data from the same or from another physical document.
- the user computer system receives the information necessary for accessing the digital document, which is provided by the physical document.
- the corresponding information includes, for example, the anonymized file name of the digital document or the physical document and the cryptographic key for decrypting the digital document.
- the user computer system establishes a connection to the server via a network.
- the user computer system can, for example, use address data that is also provided by the physical document, for example in the form of a label.
- encryption can be implemented, for example.
- a session key such as a symmetric cryptographic session key, can be negotiated, for example, with which the communication between the user computer system and the server is encrypting.
- end-to-end encryption can be implemented between the user computer system and the server.
- the user computer system sends a read request to the server via the connection.
- the read request includes the anonymized file name of the digital document.
- the anonymized file name of the digital document enables the server to identify the desired digital document and make it available for reading.
- the user computer system proves read authorization, for example, by knowing the anonymized file name.
- the identified digital document is sent back to the user document via the network by the server in response to the read request.
- the user computer system receives the digital document and makes it available in decrypted form.
- the digital document is decrypted using the cryptographic key provided by the physical document.
- the encrypted digital document can now be decrypted either on the user computer system, which has received the encrypted digital document and the cryptographic key required for decryption, or on the server.
- the user computer system For decryption on the server, the user computer system temporarily makes the cryptographic key required for decryption available to the server. For example, the network connection between the user's computer system and the server is encrypted.
- end-to-end encryption can ensure that both the cryptographic key used for decryption and the decrypted digital document are protected from unauthorized access during transmissions between the user's computer system and the server.
- Embodiments may further have the advantage that the anonymized file name just as the cryptographic key is provided in the form of a label on the document body of the physical document.
- the relevant information is provided in physical form, and in particular not in electronic or digital form.
- the relevant information must be transferred from the physical to the digital world.
- there is a breach of the transmission medium This breach of the transmission medium enables additional security of the relevant information, as it cannot be easily extracted from the physical documents.
- the physical document must be present and the label must be clearly visible. If the physical document is protected from unauthorized access, the relevant information is secure.
- the user computer system can access the data of the physical document, for example, by means of a user input or by means of detection using an optoelectronic sensor on the user computer system.
- a recipient of the physical document such as a student in the case of a university certificate or a pupil in the case of a school certificate, can download the digital document using the anonymized file name and the associated cryptographic key.
- the recipient types in the corresponding data, for example, or scans it using an optoelectronic sensor.
- the anonymized file name and the cryptographic key are each eight characters long, so that 16 characters have to be typed in.
- the associated interface for entering the anonymized file name and the cryptographic key is open to anyone, for example via the Internet. For example, this interface must not be compromised by knowledge of the student data. For example, additional restrictions can be implemented to protect against automated queries.
- An issuer of the physical document such as a university in the case of a university certificate or a school in the case of a school certificate, may, for example, be able to gain access to the digital document even without presenting the physical document.
- the digital document is stored, for example, in a data container whose name can be derived from student data.
- the issuer can, for example, derive the name of the data container using the student data, for example by applying a hash function to it.
- the server checks, for example, whether the data container found contains a digital document issued by the requesting issuer, e.g. by the relevant university or school. If this is the case, the server sends the digital document found to the requesting issuer. In this way, each issuer only sees their own encrypted digital documents.
- the server contains all cryptographic keys for decrypting the digital documents in encrypted form, but does not know any cryptographic keys for decrypting them.
- a label on the document body is an optically detectable change to the document body in which information is encoded.
- the corresponding information can be encoded in alphanumeric form and/or in geometric form, for example. For example, it can be encoded in one-dimensional or two-dimensional geometric form.
- the label can be printed on the document body, applied to it in the form of elevations and/or incorporated into it, for example.
- the corresponding information can be incorporated, for example, by embossing, cutting and/or milling. For example, a laser process can be used for cutting.
- the labels or recesses in the document body can, for example, be filled and/or sealed in this recess.
- Documents such as certificates are usually issued in paper form.
- a digital copy of such a document for example with a digital signature to ensure the authenticity of the data contained in the digital document, can be created in the form of a PDF, for example.
- files in the format of a page description language, such as a PDF file do not contain the labeling of a document, such as printed document data, in a machine-readable form.
- the digital document can also contain the data of the physical document in a machine-readable format, such as a markup language.
- the data of the physical document is, for example, incorporated into the digital document as an attachment in machine-readable form, for example as an attachment according to the PDF/A-3 standard.
- any holder of a physical document such as a paper certificate
- This can enable the holder of a physical document to make a smooth transition from using the physical document to use a digital document.
- personal data contained in the digital document can be protected from unauthorized access. Secure transmission of the digital document can also be ensured using an encrypted channel or an encrypted communication connection.
- Personal data is particularly data or attributes that enable a person to be identified or can be assigned to a person to whom the personal sensor data relates.
- Personal data includes in particular first names, surnames, dates of birth, places of birth, addresses, telephone numbers, email addresses, physical attributes, grades, ID numbers, passport numbers, etc. In this way, for example, effective and efficient data protection for digital documents can be ensured.
- a digital copy is created, such as a PDF document, possibly extended by a data set with the data in a machine-readable format.
- an anonymized file name and a cryptographic key are created, for example in the form of two random values such as two random numbers.
- the anonymized file name and a cryptographic key are applied as a label to the physical document.
- the digital document is then digitally signed, for example.
- the signed digital document is encrypted using the cryptographic key, for example using a symmetric key method such as AES-256.
- the encrypted digital document can be stored under the anonymized file name in a publicly accessible portal.
- the owner of the physical document can download the digital document from the portal using the anonymized file name and the cryptographic key.
- the portal can be accessed using a browser with a user's computer system.
- a browser for example, a website of the portal is provided with a GUI, which includes input fields for entering the anonymized file name and the cryptographic key.
- the transmission of the digital document decrypted on the portal using the cryptographic key takes place, for example, via an encrypted connection, such as HTTPS.
- the digital document is stored on the server with the portal, for example, in a directory with the name of the issuer of the document, such as a school in the case of a certificate, and a subdirectory the issue period in which the physical document was issued, such as a graduation year.
- the user To retrieve the digital document, for example, the user must first select the issuer and the issue period and then enter the anonymized file name and the cryptographic key.
- the digital document can be decrypted locally on the user's computer system.
- the document selected on the server using the anonymized file name is transmitted to the user's computer system in encrypted form. To do this, the user only needs to provide the server with the anonymized file name, for example.
- a "document” is understood to mean in particular a certificate, a certificate, or an identification, valuable or security document, in particular an official document, in particular a paper-based and/or plastic-based document, such as an electronic identification document, in particular a passport, identity card, visa, driver's license, vehicle registration document, vehicle registration certificate, health card, or a company ID, or another ID document, a chip card, means of payment, in particular a banknote, bank card or credit card, waybill or other proof of authorization.
- the document can be a Machine-Readable Travel Document, as standardized by the International Civil Aviation Authority (ICAO) and/or the BSI.
- IAO International Civil Aviation Authority
- a "digital" document is understood to be a data construct for electronic data processing which contains the same data as a previously defined document, but does not contain a permanently assigned physical document body.
- a digital document also referred to as an electronic document, can thus contain, for example, a text, a table of numbers, an image or a sequence or combination of texts, tables or images which have been created or converted into file form by digitizing, i.e. converting them into binary code.
- the validity of such a document is independent of the existence of a permanently assigned document body.
- a "digital" document can be an electronic file of any file format, in particular a non-executable text or table file.
- a digital document can also be, for example, a video file, a song file, a program code, an executable file, an archive or the like.
- a certificate is a statement in text or written form that records a specific fact or situation.
- the certificate can also identify the person who issued the certificate.
- a certificate can be, for example, a school or university certificate, a certificate of successful participation in training or courses, lecture certificates, internship certificates or employment references.
- a certificate can be, for example, an IHK examination certificate, which is a document that is issued to a successful graduate after passing the final examination before the Chamber of Industry and Commerce (IHK) in a recognized apprenticeship or advanced training course.
- An IHK certificate includes, for example, information about the profession learned, i.e. a job title, and the final examination passed.
- the certificate can appear in a uniform layout and contain the job title as well as the field of study or focus. The overall result with grade and number of points is shown above the individual examination results. At the request of the test taker, a vocational school grade can be shown below the individual examination results.
- a document can also be, for example, a skilled worker's certificate, journeyman's certificate, master's certificate, bachelor's certificate, master's certificate, diploma certificate, doctorate certificate or license to practice medicine.
- program or “program instructions” is understood here to mean, without limitation, any type of computer program that contains machine-readable instructions for controlling a functionality of the computer.
- An “interface” is understood here as an interface via which data can be received and sent, whereby the communication interface can be configured with or without contact.
- the communication interface can be an internal interface or an external interface, which is connected to an associated device, for example, by means of a cable or wirelessly.
- Network is understood here to mean any transmission medium with a connection for communication, in particular a local connection or a local network, in particular a local area network (LAN), a private network, in particular an intranet, and a digital private network (Virtual Private Network - VPN).
- a computer system can have a standard radio interface for connection to a WLAN.
- It can be a public network, such as the Internet.
- this connection can also be established via a mobile network.
- memory here refers to both volatile and non-volatile electronic memories or digital storage media.
- non-volatile memory is understood here to mean an electronic memory for the permanent storage of data.
- a non-volatile memory can be configured as a non-changeable memory, which is also referred to as a read-only memory (ROM), or as a changeable memory, which is also referred to as a non-volatile memory (NVM).
- ROM read-only memory
- NVM non-volatile memory
- this can be an EEPROM, for example a flash EEPROM, referred to as flash for short.
- flash flash for short.
- a non-volatile memory is characterized by the fact that the data stored on it is retained even after the power supply is switched off.
- a “volatile electronic memory” is a memory for temporarily storing data, which is characterized by the fact that all data is lost when the power supply is switched off.
- this can be a volatile direct access memory, also known as random access memory (RAM), or a volatile main memory of the processor.
- RAM random access memory
- a "protected memory area” is understood here to mean an area of an electronic memory to which access, i.e. read access or write access, is only possible via a processor of the security module. According to embodiments, access from the processor coupled to the memory is only possible if a condition required for this is met. This can be, for example, a cryptographic condition, in particular successful authentication and/or successful authorization check.
- a "processor” is understood here and below to mean a logic circuit that is used to execute program instructions.
- the logic circuit can be implemented on one or more discrete components, in particular on a chip.
- a "processor” is understood to mean a microprocessor or a microprocessor system comprising several processor cores and/or several microprocessors.
- a "Public Key Infrastructure” is a system for issuing, distributing and verifying digital certificates.
- a digital certificate serves to confirm the authenticity of a public key and its permissible scope of application and validity.
- the digital certificate itself is protected by a digital signature, the authenticity of which is verified by the public key of the issuer of the certificate can be checked.
- a digital certificate is used. In this way, a chain of digital certificates can be created, each of which confirms the authenticity of the public key with which the previous certificate can be checked. Such a chain of certificates forms a so-called validation path or certification path.
- the participants of the PKI must be able to rely on the authenticity of the last certificate, the so-called root certificate, and the key certified by this certificate, without another certificate.
- the root certificate is managed by a so-called root certification authority, on whose authenticity, which is assumed to be guaranteed, the authenticity of all certificates of the PKI is based.
- a “certificate” is understood here to be a digital certificate, which is also referred to as a public key certificate.
- Such certificates based on asymmetric key pairs create a so-called public key infrastructure (PKI).
- PKI public key infrastructure
- Such a certificate is structured data that is used to assign a public key of an asymmetric cryptosystem to an identity, such as a person or a device.
- a certificate can, for example, contain a public key and be signed.
- the certificate can correspond to the X.509 standard or another standard.
- Digital certificates are a proven means of proving authorizations when securing electronic communication using asymmetric cryptographic methods. Certificates are structured data that document the authenticity and/or other properties/authorizations of the owner of a public key (signature verification key) and are confirmed by an independent, credible authority (certification service provider/ZDA), generally the certification authority that issued the certificate. Certificates are usually made available to a wide range of people to enable them to check electronic signatures for authenticity and validity.
- a certificate can be associated with an electronic signature if the private key associated with the public key was used to generate the electronic signature to be verified.
- a ZDA enables users of asymmetric cryptosystems to associate the public key with an identity, for example a person, an organization, an energy or computer system.
- Asymmetric key pairs are used for a variety of cryptosystems and also play an important role in the signature of electronic documents.
- An asymmetric key pair consists of a public key, which is used to encrypt and/or decrypt data and may be passed on to third parties, and a private key, which is used to encrypt and/or decrypt data and must generally be kept secret.
- the public key enables anyone to encrypt data for the owner of the private key, check digital signatures on their documents, or authenticate them.
- a private key enables its owner to decrypt data encrypted with the public key or to create digital signatures for electronic documents. A signature created with a private key can be verified with the associated public key.
- a digital signature hereinafter also referred to simply as a "signature” is a cryptographic process in which an additional data value, which is referred to as a "signature", is calculated for any data, for example an electronic document.
- the signature can, for example, be an encrypted hash value of the electronic document, in particular a hash value encrypted with a private key of a cryptographic key pair assigned to a certificate.
- the special feature of such a signature is that its authorship and affiliation to a specific person or entity can be checked by any third party.
- a digital signature is also understood here to be a digital seal that is not assigned to a natural person but to a legal entity.
- a digital seal is therefore not used to make a declaration of intent by an individual person but rather as proof of origin for an institution. It can therefore ensure the origin and integrity of digital documents and prove that they come from a specific legal entity.
- An "encrypted end-to-end connection” or an “encrypted end-to-end transmission channel” is understood here to mean a connection between a sender and a receiver with end-to-end encryption, in which data to be transmitted is encrypted by the sender and only decrypted again by the receiver.
- the encryption of transmitted data is thus carried out across all transmission stations, so that intermediate stations cannot gain knowledge of the content of the transmitted data due to the encryption.
- the connection is cryptographically secured by the encryption in order to prevent spying and/or manipulation of the transmission, whereby a so-called secure messaging procedure can be used for this purpose.
- End-to-end encryption is based, for example, on two symmetrical cryptographic keys, where a first symmetric key is used to encrypt messages and a second symmetric key is used to authenticate the sender of the message.
- the digital document comprises two digital copies of the data of the physical document, i.e. a first data set with a first digital copy of the data of the physical document and a second data set with a second digital copy of the data of the physical document.
- the first data set is, for example, a data set with the data of the physical document in a page description language format.
- the second data set is, for example, a data set with the data of the physical document in a machine-readable format.
- the Extensible Markup Language is a markup language for representing data, especially hierarchically structured data, in the form of a machine-readable text file.
- the representation of the data according to XML is also human-readable.
- the JavaScript Object Notation (JSON) is an exchange format for transferring and storing data, especially structured data. JSON has the form of a machine-readable text file, which is also human-readable.
- a JSON document can, for example, be a valid JavaScript that can be interpreted by a JavaScript interpreter using eval().
- Open Badges are learning badges in the form of digital certificates from the Mozilla Foundation and Verifible Credentials are verifiable credentials that are standardized by the W3C in "Verifiable Credentials Data Model 1.0 - Expressing verifiable information on the Web" dated November 19, 2019.
- the first record of document data is, for example, an indication of learning outcomes from a certificate, in particular a higher education certificate.
- the information can be based on the CEN standards EN15981:2011 EuroLMAI (European Learner Mobility Achievement Information) and/or EN15982:2011 MLO (Metadata for learning opportunities).
- EuroLMAI defines a model for the documentation and exchange of information on learner achievement between learning management information systems and for the merging of information from third parties. The model specifically looks at diplomas, diploma supplements and transcripts of records for higher education.
- MLO defines an abstract model for the representation of learning opportunities. This model describes three sources of information about which metadata can be stored to facilitate the publication of learning opportunities, namely the provider of the learning opportunity, the abstract description of a learning opportunity and a concrete example of that learning opportunity.
- the information is information that corresponds to the Elmo format, as described in " EMREX Technical Description and Implementation Guide - v1.1" (https://emrex.eu/wpcontent/uploads/2020/01/Technical-Guide-to-EMREX.pdf), January 1, 2020 , is described.
- the page description language is one of the following languages: Portable Document Format (PDF), PostScript (PS), Device Independent File Format (DVI).
- PDF Portable Document Format
- PS PostScript
- DVI Device Independent File Format
- a page description language describes the structure of a page and how it should look in a special output program or device, such as a printer.
- the Portable Document Format is a vector-based page description language that allows free scalability of the display.
- a PDF file describes the layout created with a creation application in a proportional form that is independent of the printer and presets.
- a PDF file can accurately reproduce a document including all colors, raster and vector graphics and fonts.
- PostScript files allow graphics and printed pages to be output on different output devices in any size and resolution without loss. Graphic elements and fonts are described as scalable vector graphics, and raster graphics can also be embedded.
- a DVI file stores a text supplemented with typesetting information. This typesetting information includes, for example, fonts, character and line spacing, character positions, etc.
- the physical document comprises a first document body labeled with the data of the physical document.
- the data of the physical document comprises the first anonymized file name under which the digital document is stored in encrypted form on a server and the first cryptographic key for decrypting the encrypted digital document.
- Embodiments may have the advantage that the physical document provides all data necessary to access the digital document.
- This data is, on the one hand, the anonymized file name for identifying the digital document and, on the other hand, the cryptographic key for decrypting the encrypted digital document, which makes it possible to gain access to the contents of the digital document.
- the first cryptographic key is restored, for example, when the physical document is lost.
- the first cryptographic key is restored when the issuer computer system receives a loss report about the loss of the physical document from a user computer system.
- a loss report is sent, for example, from the user computer system to the issuer computer system. This can restore the corresponding cryptographic key for decrypting the encrypted digital document and either use it itself to decrypt the encrypted digital document or provide it to the user computer system for decrypting the encrypted digital document.
- the first connection is an encrypted communication connection.
- Embodiments can have the advantage that using an encrypted communication connection, in particular an end-to-end encrypted communication connection, the transmitted data can be protected from unauthorized access, in particular from a man-in-the-middle attack.
- session keys are used to encrypt the transmitted data.
- the session key used for encryption can be a symmetric key, for example.
- the issuer computer system sends the decrypted first copy of the first cryptographic key to the user computer system via a second connection.
- the second connection is an encrypted communication connection.
- Embodiments may have the advantage that the exhibitor computer system in the User computer system can provide the copy of the cryptographic key in a secure manner so that the user computer system is able to decrypt the digital document.
- the issuer computer system can send the anonymized file name to the user computer system.
- the user computer system can be enabled to access the digital document stored in encrypted form on the server.
- the user computer system can calculate the anonymized file name itself using the personal attributes of the owner of the digital document if it is in possession of the personal attributes. This is the case, for example, if the user is the owner of the digital document who knows the corresponding personal data.
- Embodiments can also have the advantage that using an encrypted communication connection, in particular an end-to-end encrypted communication connection, the transmitted data can be protected from unauthorized access, in particular from a man-in-the-middle attack.
- session keys are used to encrypt the transmitted data.
- the session key used for encryption can be a symmetric key, for example.
- the first cryptographic key is restored upon a restoration request from the owner of the digital document.
- the restoration occurs upon receipt of a restoration request from a computer system of the owner of the digital document.
- the user computer system is the computer system of the owner of the digital document.
- the sent read request further requests a reading of the encrypted digital document.
- the encrypted digital document is received by the issuer computer system together with the encrypted first copy of the first cryptographic key.
- Embodiments may have the advantage that the issuer computer system can receive the encrypted digital document together with the copy of the cryptographic key.
- the issuer computer system receives direct access to the encrypted digital document, which it can decrypt using the cryptographic key.
- the encrypted digital document is sent to the user computer system together with the decrypted first copy of the first cryptographic key.
- Embodiments may have the advantage that the issuer computer system can provide the digital document to the user computer system. Using the copy of the cryptographic key, the computer system can decrypt the encrypted digital document received from the issuer computer system and thus gain access to the data of the digital document.
- the encrypted digital document is decrypted by the issuer computer system using the decrypted first copy of the first cryptographic key.
- Embodiments may have the advantage that the issuing computer system itself can decrypt the encrypted digital document and thus gain access to the data of the digital document.
- the method further comprises creating a physical duplicate of the digital document, which comprises a document body.
- Creating the physical duplicate comprises labeling the document body with data of the physical duplicate, which is provided using the digital data copy provided by the decrypted digital document.
- the digital data copy provided by the decrypted digital document is also a digital copy of data of the first physical document.
- the digital data copy provided by the decrypted digital document is also a digital copy of data of the second physical document.
- Embodiments can have the advantage that a duplicate copy of the physical document can be created.
- the data of the digital document can be used for this duplicate copy, which is a digital copy of the data of the physical document.
- all data is available in the form of the digital document of the physical document.
- This data can be entered in the form of a label on or in a document body of a physical duplicate of the physical document.
- the corresponding duplicate can serve as a replacement for the physical document, for example in the event of loss.
- a physical duplicate is created, which allows access to the original digital document using the first anonymized file name and the first cryptographic key.
- a digital duplicate can be created in addition to the physical duplicate. In this case, for example, even when the digital data is used, it is clear that a duplicate was used in the physical area to provide the corresponding digital data.
- the physical duplicate further comprises, in addition to the data of the digital data copy, a third anonymized file name and a third cryptographic key.
- the document body of the physical duplicate is further labeled with the third anonymized file name and the third cryptographic key in addition to the data of the digital data copy.
- the method further comprises creating a third physical document comprising a document body.
- Creating the third physical document comprises labeling the document body of the third physical document with data comprising the third anonymized file name and the third cryptographic key.
- Embodiments may have the advantage that a digital duplicate can be provided on the server.
- the data of the physical duplicate includes the data of the physical document, as well as a duplicate note and/or signatures that confirm the authenticity of the duplicate.
- the corresponding authenticity can be confirmed or certified by the issuer computer system or an issuer using the issuer computer system, since the data of the duplicate is based on the digital copy of the data of the physical document.
- the data of the physical duplicate may further comprise an anonymised file name for identifying the digital duplicate and a cryptographic key for decrypting the encrypted digital duplicate.
- the anonymised file name of the duplicate is an anonymised file name which is calculated using a combination of personal attributes of the owner of the digital duplicate, the corresponding combination may be supplemented by a duplicate ID in order to ensure that the anonymised file name of the duplicate is not identical to the anonymised file name of the document.
- the issuer computer system may encrypt the digital duplicate. To do so, the issuer computer system may either use the cryptographic key in the duplicate if this is a symmetric cryptographic key, or not use a private cryptographic key if the cryptographic key of the duplicate is a public cryptographic key.
- the issuing computer system generates the corresponding asymmetric key pair of the duplicate, which includes the private and public cryptographic keys of the duplicate. Furthermore, the issuing computer system establishes a connection via the network to the server on which the digital copy of the duplicate is to be stored.
- the corresponding connection can be, for example, an encrypted communication connection, in particular an end-to-end encrypted communication connection.
- a storage request for storing the encrypted digital duplicate is sent to the server via the corresponding connection. This request includes the anonymized file name of the duplicate, under which the digital duplicate is to be stored on the server.
- the digital duplicate is created, for example, if the physical document is lost.
- the third connection is an encrypted communication connection.
- Embodiments can have the advantage that using an encrypted communication connection, in particular an end-to-end encrypted communication connection, the transmitted data can be protected from unauthorized access, in particular from a man-in-the-middle attack.
- session keys are used to encrypt the transmitted data.
- the session key used for encryption can be a symmetric key, for example.
- the first anonymized file name is calculated using a combination of personal attributes of the owner of the digital document.
- a one-way function is applied to the combination.
- Embodiments may have the advantage that the anonymized file name can be calculated using the personal attributes of the owner of the digital document.
- the personal attributes can no longer be derived from the anonymized file name.
- a hash function is used as a one-way function.
- the personal attributes include: a first name, a last name, a date of birth and/or a place of birth of the owner of the digital document.
- the combination of personal attributes of the owner of the digital document is further supplemented by a document ID value of the digital document before the application of the one-way function.
- Embodiments may have the advantage that using a document ID value, such as a document count value, it can be ensured that different Documents from the same document owner have different anonymized file names.
- a document ID value such as a document count value
- the document ID value is a counter value that counts a number of physical documents issued to the same owner.
- the number of physical documents issued is counted per predefined issuance period, for example per year, school year, semester or trimester.
- a serial number starting with 1 is generated for each document, for example.
- the combination of attributes of the holder of the digital document is further supplemented by a secret of the issuer before the application of the one-way function.
- the secret is, for example, an issuer-specific secret.
- the secret is, for example, a random value, such as a random number.
- the secret is a shared secret which is used to calculate a plurality of anonymized file names of a plurality of documents of the issuer.
- the secret is a document-specific secret.
- the secret is a document type-specific secret.
- the secret is an issue period-specific secret. The issue period within which the physical document was issued is, for example, an issue year, an issue school year, an issue semester and/or an issue trimester.
- Embodiments can have the advantage that the anonymized file name can only be calculated by the issuer who is in possession of the corresponding secret.
- a user who has the physical document can take the anonymized file name from the label on the physical document.
- This physical document is, for example, a document that only provides information for downloading the digital document, such as the anonymized file name under which the digital document is stored in encrypted form on a server, and the cryptographic key for decrypting the encrypted digital document.
- the digital document is, for example, a digital copy of data from another physical document.
- the physical document also includes data from the digital document.
- the digital document is a digital Copy of the data of the corresponding physical document.
- the user does not have the physical document, he is not able to determine the anonymized file name. This applies, for example, even if the user, as the owner of the digital document, is in possession of the owner's personal data, i.e. himself, or has knowledge of it. Even if he knows, for example, a document ID value of the corresponding digital document, he is not able to calculate the anonymized file name. He is only able to use the anonymized file name if he is in possession of the physical document.
- the issuer of the document is able to calculate the anonymized file name based on his knowledge of the corresponding secret if the personal data of the owner of the digital document and, if applicable, a document ID value are available.
- the issuer is able to restore the anonymized file name if the physical document is lost, for example.
- the first cryptographic key is a symmetric cryptographic key with which the digital document is encrypted.
- Embodiments can have the advantage that the same cryptographic key can be used to encrypt and decrypt the digital document.
- keys must be generated once with which the digital document is encrypted.
- the corresponding symmetric cryptographic key can be generated when the physical document is issued.
- the physical document is labeled with this symmetric cryptographic key. If the data of the physical document is digitized, it also includes the symmetric cryptographic key.
- the cryptographic key provided by the digital document itself can thus be used. No further cryptographic keys are necessary.
- the symmetric cryptographic key used for encryption can then be deleted again from the encrypted executing computer system, for example an issuing computer system.
- an AES method Advanced Encryption Standard
- AES-256 As a symmetric encryption method using the symmetric key, an AES method ("Advanced Encryption Standard") such as AES-256 can be used.
- the first cryptographic key is a first private cryptographic key of a first asymmetric key pair.
- the digital document is encrypted with a first public cryptographic key of the first asymmetric key pair.
- Embodiments may have the advantage that the private cryptographic key that belongs to the public cryptographic key provided by the physical document is necessary for the encryption of the digital document.
- the owner of the corresponding private cryptographic key for example an issuer computer system of an issuer of the physical document, is able to encrypt the digital document.
- an encrypted digital document is encrypted by someone other than the issuer of the physical document.
- the correct encryption i.e. an encryption that can be decrypted with the public key of the physical document, provides proof of origin of the digital document. This is therefore an additional security measure.
- a second copy of the first cryptographic key is also stored under the second anonymized file name on the server.
- the second copy of the first cryptographic key is stored encrypted with a fourth public cryptographic key of a fourth asymmetric key pair assigned to a management instance.
- the method further comprises restoring the first cryptographic key by a management computer system of the management instance.
- a fourth private cryptographic key of the fourth asymmetric key pair of the management instance is stored in a protected storage area of a memory of the management computer system.
- Embodiments can have the advantage that in addition to the issuer computer system, another computer system is able to restore the cryptographic key of the document.
- the corresponding second computer system is, for example, an administrative computer system of an administrative authority superior to the issuer of the document. If the issuer or the issuer computer system loses the private cryptographic key for decrypting the copy of the cryptographic key of the digital document stored on the server, the issuer computer system is no longer able to restore the cryptographic key of the document.
- a key restoration can be carried out by the administrative computer system.
- the corresponding restoration can be carried out analogously to the restoration by the issuer computer system.
- a second encrypted copy of the cryptographic key of the document is stored under the second anonymized file name in addition to the encrypted first copy of the cryptographic key of the document.
- the corresponding second copy of the document's cryptographic key is encrypted with a private cryptographic key of the management computer system, so that only the management computer system is able to decrypt the second copy.
- the management computer system determines the anonymized file name under which the encrypted second copy of the cryptographic key is stored.
- the management system establishes a connection to the server via the network, in particular an encrypted communication connection. This allows the management computer system to communicate securely with the server, for example.
- the management computer system sends a read request via the connection, which includes the specific anonymized file name under which the encrypted second copy of the document's cryptographic key is stored.
- the management computer system receives the encrypted copy, which it can decrypt using the management computer system's private cryptographic key.
- the administrative computer system can gain possession of the document's cryptographic key even if the physical document as well as the private cryptographic key of the issuing computer system have been lost. are.
- the cryptographic key of the document that has been restored in this way access to the digital document can be made possible.
- the data in the digital document are digital copies of the data in the physical document. Access to the digital data in the digital document therefore results in access to the data in the physical document. In particular, a duplicate copy of the data in the physical document can be created if the physical document is lost.
- the first cryptographic key is recovered, for example, upon loss of the physical document and/or the second private cryptographic key.
- the fourth connection is an encrypted communication connection.
- Embodiments can have the advantage that using an encrypted communication connection, in particular an end-to-end encrypted communication connection, the transmitted data can be protected from unauthorized access, in particular from a man-in-the-middle attack.
- session keys are used to encrypt the transmitted data.
- the session key used for encryption can be a symmetric key, for example.
- the management computer system sends the second copy of the first cryptographic key to the issuer computer system over a fifth connection, wherein the fifth connection is an encrypted communications connection.
- Embodiments may have the advantage that the management computer system can provide the cryptographic key of the document or the second copy of the cryptographic key of the document to the issuer computer system.
- the cryptographic key enables the issuer computer system to access the digital document on the server.
- the issuer computer system can use corresponding access to create a physical duplicate and/or a digital duplicate.
- Embodiments may have the advantage that using an encrypted communication connection, in particular an end-to-end encrypted communication connection, the transmitted data is protected from unauthorized access can, especially against a man-in-the-middle attack.
- session keys are used to encrypt the transmitted data.
- the session key used for encryption can be a symmetric key, for example.
- restoring the first cryptographic key occurs upon a restoration request from the issuer of the document.
- restoring occurs upon receipt of a restoration request from the issuer computer system of the issuer of the physical document.
- the issuing computer system can provide the management computer system with the generated fifth public cryptographic key for creating the encrypted third copy of the first cryptographic key.
- the encrypted third copy of the first cryptographic key is created by the management computer system, which does not forward the second copy of the first cryptographic key to the issuing computer system for re-encryption, but rather carries out the re-encryption itself.
- Embodiments may have the advantage that the receipt of the second copy of the document's cryptographic key enables the issuer computer system, in the event of a loss of its private cryptographic key for decrypting the first copy of the document's cryptographic key, to generate a replacement for the first copy of the cryptographic key in the form of a third copy of the cryptographic key encrypted with a newly generated private cryptographic key of the issuer computer system.
- the newly generated private cryptographic key of the issuer computer system effectively replaces the lost private cryptographic key of the issuer computer system.
- a corresponding replacement of the encrypted copy of the document's cryptographic key may be carried out if the private cryptographic key of the issuer computer system is to be replaced by a new, private, cryptographic key after a predefined period of time for security reasons.
- a corresponding new asymmetric key pair is generated by the issuer computer system, which includes a private and public cryptographic key.
- the private cryptographic key is stored in a protected storage area of the issuer computer system so that it is protected from unauthorized access.
- an encrypted third copy of the document's cryptographic key is created.
- the encrypted third copy of the document's cryptographic key is, for example, the receiving second copy of the cryptographic key, which was encrypted with the newly generated private cryptographic key of the issuer computer system.
- the anonymized file name of the document is also determined. For example, personal attributes of the owner of the digital document are used for this purpose.
- the issuer computer system establishes a connection to the server via the network, which is, for example, an encrypted communication connection.
- a storage request with the encrypted copy of the cryptographic key and the anonymized file name is sent from the issuing computer system to the server via the corresponding connection.
- the issuer computer system can download the data container from the server, replace the encrypted first copy of the cryptographic key of the document with the created third encrypted copy of the cryptographic document in the data container and send the modified data container with the storage request to the server so that the server replaces the previous data container with the modified data container.
- the issuer computer system provides evidence of authorization to change the data container on the server. Such proof can be provided, for example, using a corresponding certificate from the issuer computer system.
- the issuer computer system authenticates itself to the server and provides evidence of corresponding authorization to change during the authentication process.
- Replacing the encrypted first copy of the cryptographic key on the server with an encrypted third copy of the cryptographic key can also occur, for example, if the current private cryptographic key of the issuer computer system has been compromised.
- the first copy of the cryptographic key on the server encrypted using the associated current public cryptographic key can be replaced by a third copy of the cryptographic key encrypted using the newly generated public cryptographic key whose associated newly generated private cryptographic key has not been compromised.
- this plurality of key copies can be downloaded.
- the individual key copies can each be decrypted and encrypted again with the newly generated public cryptographic key.
- the re-encrypted plurality of cryptographic key copies thus generated can be sent to the server to replace the previous plurality of cryptographic key copies whose private cryptographic key has been compromised.
- one or more key copies encrypted with a public cryptographic key of the management computer system whose associated private cryptographic key has been compromised can also be replaced
- the sixth connection is an encrypted communication connection.
- the seventh connection is an encrypted communication connection.
- Embodiments can have the advantage that using an encrypted communication connection, in particular an end-to-end encrypted communication connection, the transmitted data can be protected from unauthorized access, in particular from a man-in-the-middle attack.
- session keys are used to encrypt the transmitted data.
- the session key used for encryption can be a symmetric key, for example.
- the sent read request further requests a reading of the encrypted digital document.
- the encrypted digital document is received by the management computer system together with the encrypted second copy of the first cryptographic key.
- the encrypted digital document is sent to the issuer computer system together with the decrypted second copy of the first cryptographic key via the fourth connection.
- Embodiments may have the advantage that the management computer system contains the encrypted digital document together with the second copy of the document's cryptographic key.
- the management computer system may decrypt the encrypted second copy of the document's cryptographic key using its private cryptographic key.
- the decrypted second copy of the document's cryptographic key may be sent to the management computer system together with the encrypted digital document to the issuer computer system.
- the management computer system may send the decrypted digital document to the issuer computer system by itself using the decrypted second copy of the document's cryptographic key to decrypt the digital document. In both cases, the issuer computer system gains access to the decrypted document and hence also to the digital document's cryptographic key.
- the management computer system sends the second copy of the first cryptographic key to the user computer system via a sixth connection, wherein the sixth connection is an encrypted communication connection.
- Embodiments may have the advantage that the management computer system can provide the decrypted second copy of the document's cryptographic key to the user computer system in a secure manner.
- Embodiments can have the advantage that using an encrypted communication connection, in particular an end-to-end encrypted communication connection, the transmitted data can be protected from unauthorized access, in particular from a man-in-the-middle attack.
- session keys are used to encrypt the transmitted data.
- the session key used for encryption can be a symmetric key, for example.
- the sent read request also requests a reading of the encrypted digital document.
- the encrypted digital document is received by the management computer system together with the encrypted second copy of the first cryptographic key.
- the encrypted digital document is sent to the user computer system together with the decrypted second copy of the first cryptographic key via the sixth connection.
- Embodiments may have the advantage that the issuing computer system can download the encrypted digital document from the server together with the encrypted second copy of the document's cryptographic key.
- the management computer system can decrypt the second copy of the document's cryptographic key using its private cryptographic key and send this decrypted second copy together with the encrypted digital document to the user computer system for decryption.
- the management computer system itself can decrypt the encrypted digital document using the decrypted second copy of the document's cryptographic key and send the digital document thus decrypted to the user computer system. In both cases, the user computer system thus comes into possession of the decrypted digital document and thus into possession of the document's cryptographic key.
- the method further comprises providing the digital document on the user computer system using the physical document in the form of a first physical document.
- the first physical document comprises a document body labeled with data.
- the data with which the document body of the first document is labeled comprises the first anonymized file name and the first cryptographic key.
- the digital document is a digital copy of the data of the first physical document.
- the first physical document can be used to provide the document data of which the digital document is a digital copy, and the first document also enables access to the digital document.
- the digital document is a digital copy of data from a second physical document.
- the first physical document serves, for example, merely to enable access to the digital document and thus to the digital copy of the data of the second document, but without itself providing this data of the second document.
- the user computer system receives the digital document in encrypted form.
- the encrypted digital document is decrypted using the received first cryptographic key on the user computer system.
- Embodiments can have the advantage that the digital document is only decrypted on the user computer system. This can ensure that the decrypted document is only available on the computer system and thus unauthorized access to the decrypted digital document can be effectively prevented.
- decryption on the user computer system can have the advantage that the cryptographic key used for decryption does not leave the user computer system.
- the corresponding cryptographic key is only available as a label on the physical document and in electronic form temporarily on a memory of the user computer system.
- the cryptographic key is deleted after the digital document has been decrypted.
- the cryptographic key is, for example, only stored in a volatile memory. stored on the user's computer system. This ensures temporary storage of the cryptographic key and effectively prevents permanent storage. By limiting the time the cryptographic key is stored on the user's computer system, the risk of unauthorized access to the cryptographic key can be reduced.
- the read request further comprises the received first cryptographic key for decrypting the encrypted digital document.
- the decryption of the encrypted digital document takes place on the server.
- the user computer system receives the digital document in decrypted form.
- Embodiments can have the advantage that decryption takes place centrally on the server.
- the anonymized file name is integrated into the reader request together with the cryptographic key, so that the user computer system only needs to create the reader request and send it to the server.
- a website provided by the server is called up by the user computer system and displayed on it, for example in a browser.
- the corresponding website can include a graphical user interface with input windows for the user of the user computer system to enter the anonymized file name and the cryptographic key.
- the information entered accordingly is sent to the server via the network connection.
- Program functionalities required to decrypt the digital document are, for example, provided exclusively on the server.
- the network connection is, for example, an encrypted communication connection.
- the seventh connection is an encrypted communication connection.
- Embodiments can have the advantage that using an encrypted communication connection, in particular an end-to-end encrypted communication connection, the transmitted data can be protected from unauthorized access, in particular from a man-in-the-middle attack.
- session keys are used to encrypt the transmitted data.
- the session key used for encryption can be a symmetric key, for example.
- the user computer system receives the first anonymized file name and first cryptographic key provided by the physical document in the form of user input.
- Embodiments can have the advantage that only an input device on the part of the user computer system is necessary for receiving the anonymized file name provided by the physical document and the cryptographic key.
- a corresponding input device can comprise, for example, a keyboard, a keypad, a touchpad and/or a touch display. The user can enter the label of the document body of the physical document with the anonymized file name and the cryptographic key for reading the digital document and into the user computer system using the input device.
- a label of a document body of the physical document comprises the first anonymized file name and the first cryptographic key in the form of an optoelectronically readable code.
- the user computer system comprises an optoelectronic sensor for detecting the optoelectronically readable code.
- Receiving the first anonymized file name and the first cryptographic key comprises detecting the optoelectronically readable code by the user computer system using the optoelectronic sensor.
- Embodiments may have the advantage that the user computer system can automatically capture the anonymized file name and the cryptographic key using the optoelectronic sensor. No input from the user is necessary. This may have the advantage, for example, that input errors by the user can be avoided.
- the optoelectronic sensor captures the optoelectronically readable code of the physical document in optical form and converts it into an electronic or digital form. The digital data captured in this way, which includes the anonymized file name and the cryptographic key in digital form, can be used by the user computer system to read the digital document from the server.
- the optoelectronically readable code is, for example, a one-dimensional optoelectronically readable code, such as a bar code or barcode.
- the two-dimensional optoelectronically readable code comprises, for example, a plurality of parallel bars of different widths and gaps in between. There is, for example, as high a contrast as possible between bars and gaps.
- the data comprised by the one-dimensional optoelectronically readable code is arranged along a direction, for example perpendicular to an extension direction of the parallel lines.
- the optoelectronically readable code is, for example, a two-dimensional optoelectronically readable code, such as a QR code.
- the two-dimensional optoelectronically readable code comprises, for example, a plurality of lines or dots of different widths and gaps in between. For example, there is as high a contrast as possible between lines or dots and gaps.
- the data comprised by the two-dimensional optoelectronically readable code is encoded in the form of an area over two dimensions.
- the label of the first document body further comprises an identifier of the server for addressing the read request.
- the identifier of the server is received by the user computer system and used for addressing the read request.
- Embodiments can have the advantage that the physical document provides an identifier of the server in addition to the anonymized file name of the digital document required for the read request. Using the corresponding identifier, the server on which the digital document to be read is stored can be identified or addressed. Thus, using the identifier provided by the physical document, the server can be addressed for the read request.
- the identifier of the server is a URI (Uniform Resource Identifier).
- the identifier of the server is a URL (Uniform Resource Locator).
- the user computer system receives the server identifier in the form of user input.
- Embodiments may have the advantage that a user can read the identifier provided by the label on the document body of the physical document and enter it into the user's computer system using an input device. If a user is in possession of the physical document, all information necessary for reading and decrypting the digital document stored in encrypted form on the server is made available to him.
- the optoelectronically readable code of the first physical document comprises the identifier of the server.
- the server identifier is received in the course of the detection of the optoelectronically readable code by the user computer system using the optoelectronic sensor.
- Embodiments may have the advantage that the identifier of the server can be detected using the optoelectronic sensor of the user computer system.
- the identifier of the server can be detected together with the anonymized file name and the cryptographic key.
- the reader request can be encoded in the form of the optoelectronically readable code. This enables the user computer system to only need to execute the reading request provided by the optoelectronically readable code in order to receive the digital document from the server.
- the first anonymized file name is a document-specific file name.
- the first cryptographic key is a document-specific cryptographic key.
- Embodiments may have the advantage that the anonymized file name is only individually applicable to a single document.
- a corresponding anonymized file name is unique.
- the anonymized file name may be a file name that is not unique for an individual document.
- a corresponding file name may be generated using personal data. If several documents are documents of the same owner, the corresponding personal data may be identical. As a result, file names of different documents, for example of the same owner, may be identical. In order to nevertheless store the corresponding documents in a unique manner, additional information may be included in the read request, based on which the document to be read can be uniquely determined.
- Embodiments can have the advantage that, in the case of a document-specific cryptographic key, possession of the physical document is a necessary prerequisite for decrypting the digital document.
- the cryptographic key can also be a key that is not document-specific, ie is not unique.
- the same cryptographic key can be used for several documents belonging to the same document owner.
- the owner of the document is an authorized person. Therefore, it does not represent a reduction in security if the owner of a document is allowed to decrypt other documents.
- Another possibility is that a short cryptographic key is used.
- a short cryptographic key there is a possibility that if the corresponding cryptographic key is randomly selected, the cryptographic keys of several documents will match. This may be sufficient for the security of the digital document data if the probability of finding the correct cryptographic key by guessing is sufficiently low.
- the read request further comprises an issuer ID and/or an indication of an issue period within which the first physical document or the second physical document was issued, for identifying the digital document on the server.
- the issue period is, for example, an issue year, an issue school year, an issue semester and/or an issue trimester.
- Embodiments may have the advantage that, using the issuer ID and/or the issue period of the physical document, digital documents could be differentiated by issuer and issue period.
- the digital documents are stored in a tree-like directory structure on the server.
- the corresponding tree-like structure may, for example, result from the issuer IDs of the issuers of the digital documents and the issue periods.
- An ID is an identifier, also known as an identifier, which includes a feature linked to a specific identity for the unique identification of a person or object, for example the issuer of the digital documents to which the identifier is assigned.
- An identifier can include, for example, numbers, letters, special characters and combinations of these.
- documents from different issuers can be stored on the server.
- the issuer ID and/or an indication of the issue period within which the physical document was issued can also be used to generate the anonymized file name.
- it can be ensured that, for example, documents from the same document owner that were issued by different issuers and/or in different issue periods can be distinguished from one another based on the resulting anonymized file name.
- the digital document is signed by an issuer with a cryptographic signature key.
- Embodiments can have the advantage that the authenticity of the digital document can be proven using the signature.
- a signature verification key can be used to verify the signature.
- the cryptographic signature key is, for example, a private cryptographic key of the issuer of the digital document, while the signature verification key is, for example, a public cryptographic key of the issuer of the digital document.
- the digital document is a certificate.
- Embodiments can have the advantage that digital certificates can be provided in a secure manner.
- the digital data of the digital document is a digital copy of data of the first physical document, for example in the case of a digital document in the form of a certificate, the underlying first physical document is also a certificate, the digital copy of which is provided by the digital document.
- the digital data of the digital document is a digital copy of data of the second physical document, for example in the case of a digital document in the form of a certificate, the underlying second physical document is also a certificate, the digital copy of which is provided by the digital document.
- Embodiments further include a physical document comprising a document body labeled with data.
- the data with which the document body is labeled includes an anonymized file name under which a digital document in the form of an encrypted digital copy of the physical document is stored on a server accessible via a network.
- the data with which the document body is labeled further includes a first cryptographic key for decrypting the encrypted digital document.
- the digital document is a digital copy of the data of the physical document.
- the physical document is configured to provide a digital document on a user computer system according to any of the previously described embodiments.
- Embodiments further include an issuer computer system of an issuer of a digital document for recovering a cryptographic key for decrypting the encrypted digital document.
- the issuer computer system includes a processor, a communication interface for communicating over the network, and a memory.
- the memory of the issuer computer system stores program instructions.
- the digital document which is a digital copy of data from a physical document, is stored in encrypted form under a first anonymized file name on a server.
- the server also stores a first copy of the cryptographic key for decrypting the digital document in encrypted form under a second anonymized file name.
- the encrypted digital document can be decrypted using the cryptographic key.
- the first copy of the cryptographic key for decrypting the digital document is encrypted with a public cryptographic key of an asymmetric key pair assigned to the issuer of the digital document.
- the second anonymized file name is calculated using a combination of personal attributes of the owner of the digital document to which a one-way function is applied.
- a private cryptographic key of the issuer's asymmetric key pair is stored in a protected storage area of the issuer computer system's memory.
- the issuer computer system is configured to execute each of the method steps of the issuer computer system according to any of the previously described embodiments of the method for recovering the cryptographic key for decrypting the encrypted digital document.
- the physical document comprises a document body labeled with the data of the physical document.
- Embodiments include a system for recovering a cryptographic key for decrypting an encrypted digital document.
- the system includes an issuer computer system according to any of the previously described embodiments and a server.
- the server includes a processor, a communication interface for communication over the network, and a memory. Program instructions are stored in the memory of the server.
- the system is configured to execute any of the previously described embodiments of the method for recovering the cryptographic key for decrypting the encrypted digital document.
- the server is configured to execute any of the method steps of the server according to any of the previously described embodiments of the method for recovering the cryptographic key for decrypting the encrypted digital document.
- the system further comprises a management computer system of a management instance.
- the management computer system comprises a processor, a communication interface for communication via the network and a memory.
- Program instructions are stored in the memory of the management computer system.
- a second copy of the cryptographic key for decrypting the digital document is also stored on the server under the second anonymized file name.
- the second copy of the cryptographic key for decrypting the digital document is stored encrypted with a public cryptographic key of an asymmetric key pair of an administrative authority.
- a private cryptographic key of the asymmetric key pair of the administrative authority is stored in a protected storage area of a memory of the administrative computer system.
- the management computer system is configured to execute each of the method steps of the management computer system according to any of the previously described embodiments of the method for recovering the cryptographic key for decrypting the encrypted digital document.
- the system further comprises a user computer system for providing the digital document using the physical document in the form of a first physical document.
- the user computer system comprises a processor, a communication interface for communication via a network and a memory.
- Program instructions are stored in the memory of the user's computer system.
- the first physical document comprises a document body labeled with data.
- the data with which the document body of the first physical document is labeled includes the anonymized file name and the cryptographic key.
- the user computer system receives the digital document in encrypted form.
- the encrypted digital document is decrypted using the received cryptographic key for decrypting the digital document on the user computer system.
- the user computer system comprises an input device.
- the user computer system receives the anonymized file name and the cryptographic key for decrypting the first digital document in the form of a user input via the input device.
- the labeling of the document body of the physical document comprises the anonymized file name and the cryptographic key for decrypting the digital document in the form of an optoelectronically readable code.
- the user computer system comprises an optoelectronic sensor for detecting the optoelectronically readable code.
- Receiving the anonymized file name and the cryptographic key for decrypting the digital document includes detecting the optoelectronically readable code by the user computer system using the optoelectronic sensor.
- the read request further comprises the cryptographic key for decrypting the digital document.
- the server decrypts the digital document using the received cryptographic key for decrypting the digital document and sends it in decrypted form to the user computer system.
- the connection between the user computer system and the server is an encrypted communication connection.
- Embodiments can have the advantage that using an encrypted communication connection, in particular an end-to-end encrypted communication connection, the transmitted data can be protected from unauthorized access, in particular from a man-in-the-middle attack.
- session keys are used to encrypt the transmitted data.
- the session key used for encryption can be a symmetric key, for example.
- the server sends the digital document in encrypted form to the user computer system for decryption by the user computer system using the received cryptographic key to decrypt the digital document.
- Figure 1 shows an exemplary first physical document 100.
- the physical document 100 comprises a document body 102.
- the document body 102 comprises a label with data 104 of the document 100.
- the label with the data 104 comprises, for example, data in the form of an alphanumeric code and/or a geometric code.
- the geometric code can be a one-dimensional geometric code, such as a barcode, or a two-dimensional geometric code, such as a QR code.
- the label is, for example, optical detectable, for example in the visible infrared and/or ultraviolet electromagnetic spectrum.
- the labeling can, for example, be printed, embossed, punched, milled and/or cut-out structures on and/or in the document body.
- the data 104 of the document 100 comprise an anonymized file name 106 under which a digital document is stored in encrypted form.
- the digital document is a digital copy of the data 104 of the document 100.
- the data 104 of the document 100 comprise a cryptographic key 108 with which the encrypted digital document, which is stored on the server under the anonymized file name 106, can be decrypted.
- the document 100 may include a note such as the following: "Use access code 61ySf2Cd and decryption key sGnAtt2PTX on download portal to access this file and download this file.”
- 61ySf2Cd is the anonymized file name 106
- sGnAtt2PTX is the cryptographic key.
- a user has the document 100, he or she can access the digital document stored on the server and decrypt it using the anonymized file name 106 and the cryptographic key 108. The user thus gains access to the digital copy of the data 104 of the document 100.
- the digital document with the data 104 which includes, for example, personal data or attributes of the owner of the digital document, is stored on the server in encrypted form. The corresponding data is therefore not accessible. Furthermore, no personal data or attributes are sent electronically to the owner of the digital document. Rather, the owner of the digital document receives the corresponding data for accessing the digital document in the form of the physical document 100. If the phasic document 100 is present, the owner of the digital document has access to the anonymized file name 106 and the cryptographic key 108 and thus to the digital document.
- Figure 2 shows a further exemplary embodiment of a first physical document 100, which serves, for example, to provide the cryptographic key 108 and the anonymized file name 106.
- a labeling of the document body 102 with data 104 includes, for example, the cryptographic key 108 and the anonymized file name 106.
- the labeling with the data 104 includes, for example, data in the form of an alphanumeric coding and/or a geometric Coding.
- the geometric coding can be a one-dimensional geometric coding, such as a barcode, or a two-dimensional geometric coding, such as a QR code.
- the label is, for example, optically detectable, for example in the visible infrared and/or ultraviolet electromagnetic spectrum.
- the label can, for example, be printed, embossed, punched, milled and/or cut-out structures on and/or in the document body. In the case of structures which include recesses in the document body, the corresponding recesses can be filled and/or sealed.
- the document 100 can include a note such as the following: "Use access code 61ySf2Cd and decryption key sGnAtt2PTX on download portal to access this file and download this file.”
- 61ySf2Cd is the anonymized file name 106
- sGnAtt2PTX is the cryptographic key.
- the data of the encrypted digital document which is stored on the server under the anonymized file name 106, is, for example, data from another physical document.
- the first physical document 100 is made available to the user, for example, together with or in addition to the other physical document in order to enable the user to access the digital document.
- Figure 3 shows another exemplary embodiment of a first physical document 100.
- the physical document 100 in the Figure 3 corresponds to the physical document 100 of the Figure 1 with the difference that the anonymized file name 106 and the cryptographic key 108 in the case of Figure 3 in the form of an optoelectronically readable code 110.
- the corresponding optoelectronically readable code 110 includes, for example, the anonymized file name and the cryptographic key.
- the optoelectronically readable code includes, for example, an identifier of the server on which the digital document is stored, with which read requests for reading the digital document can be addressed to the server.
- "sdfgsh” is the anonymized file name
- "afgrgrt” is the cryptographic key
- "https:// collectede.de/central/download-portal/download” is the server identifier.
- the optoelectronically readable code 110 is, for example, a one-dimensional code, such as a barcode or a two-dimensional code, such as a QR code.
- the optoelectronic code 110 can be detected with an optoelectronic sensor and the data received can be read by the
- Figure 4 shows another exemplary embodiment of a physical document 100.
- the physical document 100 in the Figure 4 corresponds to the physical document 100 of the Figure 2 with the difference that the anonymized file name 106 and the cryptographic key 108 in the case of Figure 4 in the form of an optoelectronically readable code 110.
- the corresponding optoelectronically readable code 110 includes, for example, the anonymized file name and the cryptographic key.
- the optoelectronically readable code includes, for example, an identifier of the server on which the digital document is stored, with which read requests for reading the digital document can be addressed to the server.
- "sdfgsh” is the anonymized file name
- "afgrgrt” is the cryptographic key
- "https:// collectede.de/central/download-portal/download” is the server identifier.
- the optoelectronically readable code 110 is, for example, a one-dimensional code such as a barcode or a two-dimensional code such as a QR code.
- the optoelectronic code 110 can be detected with an optoelectronic sensor and the data received can be used by the detecting computer system to read the digital document from the server.
- Figure 5 shows an exemplary embodiment of a second physical document 180, the data 184 of which is provided as a digital copy in the form of a digital document.
- the physical document 180 comprises a document body 182.
- the document body 182 comprises a label with the corresponding data 184 of the document 180.
- the label with the data 184 comprises, for example, data in the form of an alphanumeric code and/or a geometric code.
- the geometric code can be a one-dimensional geometric code, such as a barcode, or a two-dimensional geometric code, such as a QR code.
- the label can be optically detectable, for example, in the visible infrared and/or ultraviolet electromagnetic spectrum.
- the label can be, for example, printed, embossed, punched, milled and/or cut-out structures on and/or in the document body. In the case of structures which include recesses in the document body, the corresponding recesses may be filled and/or sealed.
- a document 100 is created, such as in Figure 2 or 4 shown. This document 100 provides, for example, the cryptographic key 108 for decrypting the digital document and the anonymized file name 106 under which the encrypted digital document is stored on the server.
- FIG 6 shows an exemplary structure of the digital document 120.
- the digital document 120 comprises a data set with digital data 122, which may be, for example, a digital copy of the data 104 of one of the physical documents 100 from Figure 1 to 4 and/or the data 184 of the document 184 from Figure 5
- the digital document also includes a digital signature 124, with which an issuer of the digital document signs the digital data 122 and thus the digital copy of the physical document 100.
- the digital signature 124 is, for example, a hash value of the digital data 122, which is encrypted with a private cryptographic key of the issuer of the digital document 120, i.e. a signature key.
- the signature can be decrypted with a signature verification key associated with the signature key, i.e. a public cryptographic key associated with the private cryptographic key, and the resulting hash value can be compared with a hash value of the digital data 122. If the two hash values match, the digital data 122 of the document 120 is authentic data.
- Figure 7 shows an exemplary system 150 which includes a server 300 with a memory 302.
- a digital copy of data 104 of a physical document 100 is stored in the memory 302.
- the physical document 100 is a document with a labeled document body.
- the data 104 of the document included in the label are provided in the form of the digital copy 120 for retrieval via a network 160 on the server 300.
- the data 104 of the physical document includes an anonymized file name 106 and a cryptographic key 108.
- the anonymized file name 106 is the file name under which the electronic document 120 is stored on the server 300.
- the cryptographic key 108 is a cryptographic key for decrypting the digital document 120.
- the cryptographic key 108 is a symmetric cryptographic key.
- the cryptographic key 108 can be a public cryptographic key, for example.
- the data 104 of the physical document 100 can include an identifier of the server 300, with which read requests for reading the digital document 120 can be addressed to the server 300. If the physical document 100 is available to a user, he has all the data he needs. to gain access to the digital document 120.
- the digital document 120 is stored in the memory 302 of the server 300, for example, together with a first and second copy 126, 128 of the cryptographic key 108. Both copies 126, 128 are each encrypted using a different cryptographic key.
- the first and second copies 126, 128 of the cryptographic key 108 are now also stored under the anonymized file name in the memory 302.
- the first and second copies 126, 128 of the cryptographic key 108 are stored together with the document 120 in a data container under the anonymized file name 106 on the server 300.
- a corresponding data container or container file can be created, for example, using an archiving or packing program, such as tar ("Tape ARchiver").
- the server 300 further includes a processor 304 that includes program instructions 306. Execution of program instructions 306 by the processor 304 causes the server 300 to provide the digital document 120 and send it to computer systems over the network 160. For example, the digital document 120 is sent in encrypted form.
- the program instructions 306 may be configured to decrypt the encrypted digital document 120 with the received cryptographic key 108 upon receipt of the cryptographic key 108. Furthermore, the program instructions may be configured to provide the first and/or second key copy 126, 128. The key copies 126, 128 are also stored in encrypted form on the server 300. The program instructions 306 can be configured to send the encrypted first key copy 126 in encrypted form over the network 160 for local decryption on the requesting computer system upon receipt of a corresponding read request. Furthermore, the program instructions 306 can be configured to send the encrypted second key copy 128 over the network 160 to the requesting computer system for decryption upon receipt of a corresponding read request. For example, the server 300 has a communication interface 308 for communication over the network 160 with other computer systems.
- the network 160 is, for example, a public network, such as the Internet or an intranet.
- a user uses, for example, a user computer system 200.
- the user computer system 200 comprises a memory 202, a processor 204 and a communication interface 210.
- the processor 204 executes program instructions 206 and controls the user computer system so that it communicates with the server 300 via the network 160 using the communication interface 210 and provides the digital document 120.
- the user computer system receives the anonymized file name 106 of the digital document 120 and the cryptographic key 108 for decrypting the digital document 120.
- the anonymized file name 106 and the cryptographic key 108 are provided in the user computer system using the physical document 100.
- receiving the anonymized file name 106 and the cryptographic key 108 comprises a user input by a user of the computer system 200.
- the physical document 100 comprises the anonymized file name 106 and the cryptographic key 108 in the form of an optoelectronically readable code.
- the user computer system 200 additionally comprises, for example, an optoelectronic sensor 208 which is configured to read the optoelectronic code of the physical document 100.
- the anonymized file name 106 and the cryptographic key 108 can be detected by the user computer system using the optoelectronic sensor.
- the user computer system sends a read request to the server, which includes at least the anonymized file name 106.
- the server 300 sends the digital document 102 to be read, which is identified using the anonymized file name, to the user computer system 200.
- the communication between the user computer system 200 and the server 300 takes place, for example, via an encrypted connection, in particular an end-to-end encrypted communication connection.
- the user computer system 200 receives the digital document 120 in encrypted form from the server and decrypts it using the cryptographic key 108.
- the user computer system 200 can send the cryptographic key 108 with the read request to the server 300, which decrypts the encrypted digital document 120 using the received cryptographic key 108 and sends the decrypted digital document 120 to the user computer system 200 via the network 160.
- the system 150 further includes an issuer computer system 400.
- the issuer computer system 400 includes a memory 420, a processor 410, and a communication interface 414.
- the processor 410 is configured to execute program instructions 412 and to control the issuer computer system to communicate with the server 300, for example, via the network 160.
- the issuer computer system 400 is configured to create and, for example, sign the digital document 120 using the data 104 of the physical document 100. In the course of issuing the physical document 100, the issuer computer system 400 generates, for example, the anonymized file name 106 for the physical document 100 and the cryptographic key 108.
- the issuer computer system uses, for example, the symmetric cryptographic key 108 to encrypt the digital document 120.
- the cryptographic key is 108 is a public cryptographic key of an asymmetric key pair
- the issuer computer system uses, for example, the corresponding public cryptographic key for encryption to encrypt the digital document 120.
- the issuer computer system sends the encrypted digital document 120 to the server 300 during the issuance of the physical document 100, for example with a storage request which additionally includes the anonymized file name 106.
- the encryption can also be carried out on the recipient side by the server 300, which in the case of public cryptographic keys, for example, also has knowledge of the public cryptographic key of the issuer and/or administrative authority.
- the server 300 checks the storage request and, if the check is positive, stores the encrypted digital document 120 under the anonymized file name 106 in the memory 302. If the anonymized file name is not a unique file name, the issuer computer system can send additional file information in the storage request to uniquely identify the file. For example, the encrypted digital document 120 is stored on the server 300 in a tree-like file structure that branches out according to the issuer and/or the document's issue period. For example, the issuer computer system 400 sends an issuer ID and/or an indication of the issue period. To ensure that the same targeted file name does not result for different documents for documents from the same document owner when calculating the anonymized file name using personal data, an additional document ID value can be used, for example. This can be a serial number, for example, if several documents are to be issued to one person in the same year.
- the issuer computer system 400 may create a first encrypted key copy 126 of the cryptographic key 108. To do so, the issuer computer system 400 encrypts a copy of the cryptographic key 108 with a public key 408. The issuer computer system 400 sends the resulting encrypted key copy, for example together with the encrypted digital document 120, to the server 300 for storage. According to embodiments, a second key copy 128 of the cryptographic key 108 may additionally be created. To do this, the issuer computer system 400 encrypts, for example, a second copy of the cryptographic key 108 with a public key 508 of a management computer system 500. The encrypted digital document 120 and the two encrypted key copies 126, 128 are packed by the issuer computer system 400, for example, into a data container and sent to the server 300 for storage.
- the data container can, for example, comprise a directory or a directory tree that contains various individual files.
- the data container can, for example, be a file that contains several other files. This can, for example, be an archive file, such as a file in TAR format, or a compressed file, such as in ZIP format.
- the data container can be a file that contains the various elements in a structured form, e.g. as text, and is then encoded as an encrypted document, for example using AES 256.
- the file name 106 can also be used, for example, which refers to the encrypted document.
- the issuer computer system 400 can restore the cryptographic key 108 required to access the digital copy of the data 104 of the document 100 stored in the encrypted digital document 120. To do this, the issuer computer system 400 accesses the first encrypted key copy 126, which is stored in the memory 302 of the server 300 together with the encrypted document 120 under the anonymized file name 106 for this recovery purpose. To restore the cryptographic key 108, the issuer computer system 400 determines, for example, the file name 106 under which the first encrypted copy 126 of the cryptographic key 108 is stored on the server 300.
- the issuer computer system 400 sends a read request to the server 300 via the network 160. This can be done, for example, via an encrypted communication connection between the issuer computer system 400 and the server 300.
- the encrypted communication connection is an end-to-end encrypted communication connection.
- the server 300 determines the key copy 126 to be provided and sends it to the issuer computer system 400.
- the encrypted key copy 126 is stored together with the encrypted document 120 in a common data container under the anonymized file name on the server 300.
- the issuer computer system 400 determines the name of the data container in which the first encrypted copy 126 of the cryptographic key 108 is stored on the server 300 and uses this to gain access to the first encrypted copy 126 of the cryptographic key 108.
- the data container can be found without prior knowledge.
- the file name and/or the name of the data container is a hash value of the combination of first name, last name, date of birth, school name, year of issue and a serial number.
- the sequential number may be necessary, for example, if a student has several certificates in the same year. Otherwise, the sequential number can be omitted. For example, the following is checked: Hash function (First name.Last name.Date of birth.School.Year), Hash function (First name.Last name.Date of birth.School.Year.01), Hash function (First name.Last name.Date of birth.School.Year.02), etc. If one of the queries no longer returns a file, the check can be aborted, for example. Instead of the school name "School", the public key 408 of the issuing system can also be used, for example.
- the server 300 sends the data container to the issuer computer system 400 in response to the read request.
- the first key copy 126 is identifiable by an ID, such as "K1".
- the digital document 120 as well as the second key copy 128, if applicable, are each identifiable by an ID, such as "D" or "K2", respectively.
- the corresponding IDs of the digital document 120, the first key copy 126 and/or the second key copy 128 can be used, for example, to calculate individual analysis of the file names under which the corresponding digitized document 120, the first key copy 126 and/or the second key copy 128 are each stored.
- a tree-like file structure on the server 300 can be additionally split for each of the documents with respect to the digital document, the first key copy and/or the second key copy. For example, there is a branch for the document type ID, the first key type ID and/or the second key type ID.
- the read request of the issuer computer system 400 can, for example, additionally include reading the digital document 120.
- the issuer computer system 400 receives the first encrypted key copy 126 from the server 300 via the network 160 and can decrypt it using the private cryptographic key 406, which is stored in a protected storage area 404 of the memory 402 of the issuer computer system 400.
- the cryptographic key 108 is now also available to the issuer computer system 400.
- the issuer computer system 400 can, for example, decrypt the encrypted document 120.
- the issuer computer system 400 can provide a digital copy of the data 104 of the physical document 100, even if the physical document 100 is not present.
- this possibility is limited to the issuer computer system 400, which has the private cryptographic key 406 required for this purpose.
- the issuer computer system can, for example, provide the cryptographic document key 106 and/or the anonymized file name 106 to the user computer system 200, so that the user computer system 200 also has access to the data of the encrypted digital document 120.
- the issuer computer system 400 can provide the user computer system 200 with the decrypted digital document 120.
- the issuer computer system 400 can provide the user computer system 200 with the encrypted digital document 120 together with the cryptographic key 108 required for decryption.
- the corresponding data is sent from the issuer computer system 400 to the user computer system 200 via the network 160, for example, using an encrypted communication connection.
- the corresponding encrypted communication connection is, for example, an end-to-end encrypted communication connection.
- the issuing computer system 400 can be used, for example, to issue a duplicate copy of the physical document 100.
- the duplicate copy includes, for example, the data 104 of the physical document 100, which is present in the form of the digital document 120 as a digital data copy.
- the physical duplicate copy includes, for example, a document body labeled with the corresponding data.
- the labeling of the data body of the physical duplicate copy additionally includes, for example, an anonymized file name of the duplicate copy and a cryptographic key of the duplicate copy.
- the duplicate copy includes, for example, a duplicate copy note, which shows that it is a duplicate copy.
- the duplicate copy note can, for example, confirm or certify the authenticity of the data of the duplicate copy.
- the issuing computer system 100 creates, for example, a digital copy of the data of the physical duplicate copy and encrypts this as a digital duplicate copy with the cryptographic key of the duplicate copy.
- the digital duplicate encrypted in this way is stored, for example, on the server 300 under the anonymized file name of the duplicate.
- the corresponding encrypted digital duplicate is sent from the issuing computer system 400 with a storage request via the network 160 to the server 300.
- the storage request additionally includes, for example, the anonymized file name of the duplicate under which the encrypted digital duplicate is stored on the server 300 in the memory 302.
- the anonymized file name of the duplicate can be calculated, for example, using a duplicate ID.
- a standard file structure on the server 300 in which the digital duplicate is stored can, for example, include a branch for duplicates in which the digital duplicate is stored under its anonymized file name.
- a first and/or a second key copy of the corresponding cryptographic key of the duplicate is created.
- the first key copy is encrypted, for example, with a public cryptographic key 408 of the issuer computer system 400.
- the second key copy is encrypted, for example, with a public cryptographic key 508 of the management computer system 500.
- the two encrypted key copies are stored, for example, together with the digital duplicate on the server 300. This can be done analogously to the digital document 120, for example in a common data container or separately from one another in different branches of a tree-like file structure of the server 300.
- the system 150 may include a management instance that is superior to the issuer of the physical document 100.
- the management computer system 500 includes, for example, a memory 502, a processor 510 and a communication interface 514.
- the processor 510 is configured, for example, to execute program instructions 512 that control the management computer system 500 to communicate with other components of the system 150, such as the server 300 and/or the issuer computer system 400, via the network 160 using the communication interface 514.
- the management and computer system can, for example, restore the cryptographic key 108 of the physical document 100 using a private cryptographic key 506 stored in a protected storage area 504 of the memory 502 of the management computer system 500 in the event that the physical document 100 and/or the private cryptographic key 406 of the issuer computer system are lost or damaged.
- the management computer system 500 determines, for example, the anonymized file name 106 under which the second key copy 128 is stored on the server 300.
- the management computer system 500 sends a read request via the network 160 to the server 300 to read the second key copy 128.
- the management computer system 500 receives the encrypted second key copy 128 of the cryptographic key 108.
- the communication between the server 300 and the management computer system 500 via the network 160 takes place, for example, using an encrypted communication connection, in particular an end-to-end encrypted communication connection.
- the management computer system 500 uses a private cryptographic key 506 stored in a protected storage area 504 of the memory 502 of the management computer system 500 to decrypt the encrypted second key copy 128.
- the management computer system 500 thus gains access to the cryptographic key 108.
- the management computer system 500 can, for example, provide the corresponding cryptographic key 108 to the issuer computer system 400 or the user computer system 200 via an encrypted communication connection.
- the management computer system 500 can, for example, read the encrypted document 120 from the memory 302 of the server 300 and make it available to the issuer computer system 400 or the user computer system 200 together with the cryptographic key 108.
- the management system 500 can decrypt the encrypted digital document 120 and make it available to the issuer computer system 400 or the user computer system 200 via an encrypted communication connection.
- the issuer computer system can, for example, create a third encrypted key copy of the cryptographic key 108 and send this to the server 300 with a storage request so that the server 300 replaces the first key copy 126 with the newly created third key copy.
- the issuer computer system 400 For the third key copy, the issuer computer system 400 generates, for example, a new asymmetric key pair, the private cryptographic key of which it stores in the protected storage area 404 of the memory 402 as a replacement for the previous private cryptographic key 406, while it uses the corresponding newly generated public cryptographic key as a replacement for the previous public cryptographic key 408 to generate the third encrypted key copy.
- the issuer computer system may forward the cryptographic key 108 or the decrypted digital document 102 provided by the management computer system 500 to the user computer system 200 via an encrypted communication link.
- the issuer computer system 400 may use the cryptographic key 108 or the decrypted digital document 120 received from the management computer system 500 to issue a duplicate to replace a lost physical document 100 or a damaged physical document 100.
- Figure 8 shows a schematic flow diagram of an exemplary method for storing a digital document on a server.
- the digital document is created.
- a digital copy of document data of a physical document is created, for example in PDF format and signed.
- the underlying physical document includes, for example, an anonymized file name under which the digital document created in block 750 is to be stored on a server.
- the physical document includes, for example, a cryptographic key with which the digital document is to be encrypted.
- the anonymized file name and/or the cryptographic key are stored by an issuer computer system in the In the course of setting up the physical document.
- the digital document is generated by the issuer computer system in block 750.
- the cryptographic key of the document is provided.
- the digital document is encrypted with the cryptographic key provided in block 752.
- a first copy of the cryptographic key provided in block 752 is encrypted with a first public key, for example a public key of an asymmetric key pair of the issuer computer system.
- a second copy of the cryptographic key provided in block 752 is encrypted with a second public cryptographic key, for example a public cryptographic key of an asymmetric key pair of a management computer system.
- the encrypted digital document generated in block 754 is stored on the server together with the two encrypted key copies generated in blocks 756 and 758. For example, storage takes place under the anonymized file name.
- the encrypted digital document and the two encrypted key copies are combined for this purpose by the issuer computer system in a data container, which is stored on the server under the anonymized file name.
- the encrypted digital document and the two encrypted key copies are stored separately on the server.
- they are stored under the same file name in different branches of a tree-like file structure on the server.
- they are each stored using different file names.
- Corresponding different file names are calculated, for example, using a type ID, i.e. a document type ID, a first key copy ID and a second key copy ID.
- Figure 9 shows a schematic flow diagram of an exemplary method for recovering a cryptographic key for decrypting an encrypted digital document.
- the corresponding digital document is stored in encrypted form under an anonymized file name on a server.
- the anonymized file name and the cryptographic key are provided, for example, in the form of a label on a document body of a physical document. If the corresponding physical document is lost or damaged to such an extent that the label with the cryptographic key is no longer usable, key recovery is required. Such key recovery can be carried out, for example, using a copy of the corresponding cryptographic key that is stored in encrypted form on the server together with the digital document.
- an issuer computer system for recovering the cryptographic key determines an anonymized file name under which the encrypted first copy of the cryptographic key to be recovered is stored on is stored on a server.
- the issuer computer system establishes a connection to the server via a network.
- the established connection can be, for example, an encrypted communication connection, in particular an end-to-end encrypted communication connection.
- the issuer computer system sends a read request with the anonymized file name determined in block 770 to the server to read the first copy of the cryptographic key.
- the issuer computer system receives an encrypted first copy of the cryptographic key, which the server has identified using the anonymized file name.
- the issuer computer system decrypts the received encrypted first copy of the cryptographic key, which is provided in block 780 for further use on the issuer computer system.
- Figure 10 shows a schematic flow chart of the exemplary process of Figure 9 from the server's perspective.
- a connection is established between the issuer computer system and the server via the network.
- the corresponding connection is, for example, an encrypted communication connection, in particular an end-to-end encrypted communication connection.
- the server receives the read request from the issuer computer system with the anonymized file name, which the server uses to identify the encrypted first copy of the cryptographic key to be read out in block 794.
- the identified encrypted first copy of the cryptographic key is sent from the server to the issuer computer system in block 796.
- Figure 11 shows a schematic flow chart of an exemplary process for issuing a duplicate to replace a lost or damaged document.
- the Figure 11 is divided into two parts due to the number of steps, i.e. a first part 11A and a second part 11B, each of which is arranged on a separate page.
- a digital document stored on a server is used, which is a digital copy of the physical document to be replaced with the duplicate.
- the issuer computer system determines a first anonymized file name under which the digital document is stored in encrypted form on the server.
- the issuer computer system establishes a connection to the server via a network.
- the established connection is, for example, an encrypted communication connection, in particular an end-to-end encrypted communication connection.
- the issuer computer system sends a read request with the anonymized file name determined in block 800 to the server.
- the server uses the received anonymized file name to identify the encrypted copy of the cryptographic document to be provided. Key for decrypting the encrypted digital document and the encrypted digital document.
- the issuer computer system receives the corresponding encrypted copy of the cryptographic key and the corresponding encrypted digital document in response to the read request from block 804.
- the issuer computer system decrypts the received encrypted copy of the cryptographic key using a private cryptographic key of an issuer computer system.
- the corresponding private cryptographic key is stored, for example, in the protected storage area of a memory of the issuer computer system.
- the issuer computer system uses the document cryptographic key decrypted in block 808 to decrypt the digital document received in block 806.
- the data of the physical document are now available in digital form in the issuer computer system.
- the issuer computer system can now use the corresponding digital data, for example, to generate a duplicate to replace the document.
- the issuer computer system in block 812 the issuer computer system generates, for example, a cryptographic key for the duplicate.
- the cryptographic key generated in block 812 is used to encrypt the duplicate to be generated.
- an additional private cryptographic key i.e. an asymmetric cryptographic key pair, is generated in block 812.
- the private cryptographic key is used to encrypt the digital duplicate, while the public cryptographic key is used to decrypt the digital duplicate encrypted in this way.
- an anonymized file name is generated for the duplicate.
- the anonymized file name of the duplicate can, for example, be the same anonymized file name under which the digital document is stored on the server if the digital duplicate is stored in a different branch of a tree-like file structure of the server.
- the anonymized file name of the journal can differ from the anonymized file name of the document, for example by using a duplicate ID when generating the corresponding anonymized file name.
- a physical duplicate is generated. For this purpose, a document body of the physical duplicate is labeled with data from the physical duplicate. The data of the physical duplicate includes the data of the original document.
- the data of the physical duplicate includes, for example, the cryptographic key of the duplicate generated in block 812 and the anonymized file name of the duplicate determined in block 814.
- the data of the duplicate can, for example, include a duplicate note which identifies the physical duplicate as a duplicate and, for example, confirms the authenticity of the data. the duplicate is confirmed or certified.
- a digital copy of the duplicate created in block 816 is created in the form of a digital duplicate.
- the corresponding digital duplicate includes the data of the physical duplicate with which the document body of the physical duplicate is labeled.
- the digital duplicate is signed, for example, by the issuing computer system. For this purpose, the data of the duplicate is signed with a signature key.
- a hash value of the data of the digital duplicate is created and this hash value is signed with the signature key, which is, for example, a private cryptographic key of the signer.
- This signature can be checked for its correctness and thus for the authenticity of the data of the digital duplicate using a signature verification key, for example a public cryptographic key of the signer that belongs to the private cryptographic key of the signer.
- the digital duplicate created in block 818 is encrypted using the cryptographic key generated in block 812.
- a storage request with the encrypted digital duplicate and the anonymized file name determined in block 814 is sent from the issuer computer system to the server for storing the encrypted digital duplicate under the corresponding anonymized file name.
- the storage request is sent from the issuer computer system to the storage computer system via an encrypted communication connection, in particular an end-to-end encrypted communication connection.
- a first and/or a second encrypted copy of the cryptographic key generated in block 812 is additionally generated for the digital duplicate.
- the corresponding copies are encrypted, for example, with a public cryptographic key of the issuing computer system or with a public cryptographic key of an administrative computer system of an administrative authority.
- the encrypted copies of the cryptographic key generated in this way from block 812 are stored on the server together with the digital duplicate in order to enable access to the digital duplicate even in the event of loss and/or damage to the physical document.
- Figure 12 shows a schematic flow diagram of the process of Figure 11 from the server's perspective.
- a connection is established between the issuer computer system and the server via the network.
- the connection is, for example, an encrypted communication connection, in particular an end-to-end encrypted communication connection.
- the server receives a read request from the issuer computer system with the anonymized file name of the document to read the digital copy of the corresponding document, ie the digital Document, as well as an encrypted first copy of the cryptographic key of the document.
- the server identifies the requested digital document as well as the corresponding encrypted copy of the associated cryptographic key.
- the server in response to the read request received in block 832, the server sends the encrypted digital duplicate identified in block 834 together with the identified encrypted copy of the associated cryptographic key to the issuer computer system.
- the server receives a storage request with the digital duplicate and the anonymized file name under which the received digital duplicate is to be stored.
- the server stores the received digital duplicate under the received anonymized file name.
- Figure 13 shows a schematic diagram of an exemplary embodiment of a physical duplicate 101.
- the physical duplicate 101 in Figure 13 is a duplicate copy of the Figure 1 shown document 100.
- the physical duplicate 101 comprises a document body 103, which comprises a label with the data 104 of the original document.
- the data 104 of the original document comprise, for example, an anonymized file name 106 and a cryptographic key 108 of the document.
- the data 112 with which the document body 103 of the duplicate 101 is labeled comprises a duplicate note 114, which identifies the physical duplicate 101 as a duplicate of the original document and, for example, confirms or certifies the authenticity of the data 104 of the original document.
- the data 112 comprise, for example, an anonymized file name 116, under which a digital copy of the physical duplicate 101, ie a digital copy of the data 112, is stored on a server.
- the digital duplicate is encrypted.
- the data 112 of the physical duplicate 101 also includes, for example, a cryptographic key 118 with which the encrypted digital duplicate can be decrypted. If a user has the physical duplicate 101, he or she can use the anonymized file name 116 and the cryptographic key 118 to obtain the digital duplicate from the server and to decrypt it. The decryption can take place either locally on a user computer system of the user or centrally on the server. In the second case, the cryptographic key 118 must be made available to the server by the user computer system. This makes it possible to provide a digital copy of the duplicate 101 to a user, in which the data 112 of the duplicate 101 is cryptographically secured. In this way, personal data of the owner of the digital document included in the data 112 in particular can be effectively protected.
- Figure 14 shows a schematic diagram of another exemplary embodiment of a physical duplicate 101.
- the physical duplicate 101 in the Figure 14 is a physical duplicate of document 100 of the Figure 3 .
- the physical duplicate 101 of Figure 14 corresponds essentially to the physical copy 101 of the Figure 13 .
- the original document data 104 which contains the data 112 of the physical duplicate 101 of the Figure 14 comprise an optoelectronically readable code 110.
- the optoelectronically readable code 110 of the data 104 of the original document provides, for example, an anonymized file name in optoelectronically readable form under which a digital copy of the original document is stored on a server.
- the optoelectronically readable code 110 provides, for example, a cryptographic key for decrypting the digital document stored in encrypted form on the server under the anonymized file name in optoelectronically readable form.
- the data 112 of the physical duplicate 102 also comprise an optoelectronic code 119 with data of the duplicate 101.
- the optoelectronically readable code 119 of the duplicate 101 comprises an anonymized file name under which a digital copy of the data 112 of the physical duplicate 101, ie a digital duplicate, is stored.
- the optoelectronically readable code 119 comprises, for example, a cryptographic key in optoelectronically readable form for decrypting the encryption of the digital duplicate, which is stored on the server under the anonymized file name of the duplicate.
- a user If a user has the physical duplicate 101, he is able to access a digital copy of the duplicate 101, i.e. a digital duplicate which is stored on the server, using the optoelectronic code 119.
- Figure 15 shows another exemplary embodiment of a physical duplicate 181.
- the physical duplicate 181 in Figure 15 is a duplicate copy of the Figure 5 shown document 180.
- the physical duplicate 181 comprises a document body 183, which comprises a label with the data 184 of the original document.
- the data 186 with which the document body 183 of the duplicate 181 is labeled comprises a duplicate note 114, which identifies the physical duplicate 181 as a duplicate of the original document and, for example, confirms or certifies the authenticity of the data 184 of the original document.
- Figure 16 shows an exemplary embodiment of a third physical document 190.
- the physical document 190 is a document that provides the anonymized file name 116 and the cryptographic key 118.
- the document 190 comprises a document body 193, which comprises a label with the data 194.
- the data 194 comprise the anonymized file name 116, under which a digital copy of the physical duplicate 181 from Figure 15 , i.e. a digital copy of the data 186, is stored on a server.
- the digital duplicate is encrypted.
- the data 194 also include, for example, the cryptographic key 118 with which the encrypted digital duplicate can be decrypted. If a user has access to the document 190, he or she can use the anonymized file name 116 and the cryptographic key 118 to obtain the digital duplicate from the server and to decrypt it. Decryption can take place either locally on a user computer system of the user or centrally on the server.
- the cryptographic key 118 must be made available to the server by the user computer system. This makes it possible to provide a digital copy of the duplicate 181 to a user, in which the data 186 of the duplicate 181 is cryptographically secured. In this way, personal data of the owner of the digital document, in particular those covered by data 186, can be effectively protected.
- Figure 17 shows another exemplary embodiment of a third physical document 190.
- the document 190 of the Figure 17 corresponds essentially to document 190 of the Figure 16 .
- the data 194 comprise an optoelectronically readable code 119.
- the optoelectronically readable code 119 of the data 194 comprises, for example, an anonymized file name under which a digital copy of the data 186 of the physical duplicate 181 from Figure 15 , ie a digital duplicate.
- the optoelectronically readable code 119 comprises, for example, a cryptographic key in optoelectronically readable form for decrypting the encryption of the digital duplicate, which is stored on the server under the anonymized file name of the duplicate.
- a user If a user has the document 190, he is able to access a digital copy of the duplicate 181, i.e. a digital duplicate stored on the server, using the optoelectronic code 119.
- Figure 18 shows a schematic diagram of an exemplary embodiment of a digital duplicate 121.
- the digital duplicate 121 is, for example, a digital duplicate of the physical duplicate 101 of the Figure 13 or 14 or a digital copy of the physical copy 181 of the Figure 15 .
- the digital duplicate 121 comprises a digital copy 122 of the data 104 or 184 of the original document. These digital data of the duplicate 121 are signed, for example, with a digital signature 124 of an issuer of the original document.
- the digital duplicate 121 additionally contains digital data 123.
- the digital data 122 which are copies of the data 104 or 184 of the original document in combination with the digital data 123, which are digital copies of the additional data of the duplicate 101 or 181, together form a digital copy of the data 112 of the duplicate 101 or the data 186 of the duplicate 181.
- the additional digital data 123 of the duplicate include, for example, a digital copy of the duplicate note 114 and a digital copy of the anonymized file name 116 and the cryptographic key 118 of the Figure 13 or 16 or the optoelectronically readable code 119 of the Figure 14 or 17 .
- the digital duplicate 121 also includes, for example, a digital signature of the issuer of the duplicate.
- the digital signature 125 of the digital duplicate 121 is used, for example, to sign the digital data 122, the digital signature 124 and the additional digital data 123. The authenticity of the data provided by the digital duplicate 121 can be checked using the digital signature 125.
- Figure 19 shows a schematic diagram of an exemplary method for recovering a cryptographic key for decrypting a digital copy of a document which is provided in encrypted form on a server.
- the cryptographic key is restored using a second encrypted copy of the cryptographic key, which is stored on the server.
- the second encrypted copy of the cryptographic key is, for example, a copy of the cryptographic key that is encrypted with a public cryptographic key of an administrative computer system of an administrative authority.
- a private cryptographic key of the administrative computer system is required.
- the corresponding private cryptographic key of the administrative computer system is stored, for example, in the protected storage area of a memory of the administrative computer system.
- the second copy of the cryptographic key serves as a fallback option in the event that restoration of the cryptographic key using a first cryptographic copy, which is, for example, encrypted with a public cryptographic key of an issuer computer system of an issuer of the digital document, fails.
- This may be due, for example, to the fact that a private cryptographic key of the issuing computer system, which is necessary for decrypting the first copy of the cryptographic key, has been lost or damaged.
- the procedure serves to Figure 19 as a fallback position, so that even in the event of loss or damage to the private cryptographic key of the issuing computer system, it is still possible to recover the cryptographic key of the digital document and thus access the digital document.
- the procedure of the figure 19 is analogous to the procedure of Figure 9 .
- the management computer system determines an anonymized file name under which a second copy of the cryptographic key of the document is stored.
- the management computer system establishes a connection to the server via a network.
- the connection is, for example, an encrypted communication connection, in particular an end-to-end encrypted communication connection.
- the management computer system sends a read request with the anonymized file name determined in block 840 to the server.
- the server uses the received anonymized file name to identify the encrypted second copy of the cryptographic key to be read out.
- the management computer system receives the encrypted second copy of the cryptographic key in response to the read request sent in block 844.
- the management computer system decrypts the encrypted second copy of the cryptographic key received in block 846 using the private cryptographic key of the management computer system and makes the decrypted second copy of the cryptographic key available for further use in block 850.
- the management computer system can make the decrypted cryptographic key available to the issuer computer system and/or a user computer system.
- the issuer computer system and/or the user computer system can gain access to the digital document, in particular the digital copies of the data of the physical document written by the digital documents.
- the issuer computer system can use the decrypted copy of the cryptographic key to create a new encrypted copy of the cryptographic key, which it encrypts with a newly generated public cryptographic key of the issuer computer system. This newly created cryptographic copy can be used, for example, to replace the encrypted first copy of the cryptographic key.
- the decrypted copy of the cryptographic key can be used by the issuer computer system to issue a duplicate copy of the digital document.
- blocks 840 through 844 could be performed by the issuer computer system receiving the encrypted second copy of the cryptographic key in response to the read request sent in block 844 and forwarding it to the management computer system.
- the management computer system then receives the encrypted second copy of the cryptographic key from the issuer computer system in block 846.
- Figure 20 shows a schematic flow diagram of the process of Figure 19 from the server's perspective.
- a connection is established between the management computer system and the server via the network.
- the connection is, for example, an encrypted connection, in particular an end-to-end encrypted connection.
- the server receives the read request from the management computer system with the anonymized file name.
- the server uses the anonymized file name to identify the encrypted second copy of the cryptographic key to be read out in block 864.
- the server in response to the read request received in block 862, the server sends the encrypted second copy of the cryptographic key identified in block 864 to the management computer system.
- blocks 840 to 844 in Figure 19 also be executed by the exhibitor computer system, the server communicates in Figure 11 with the exhibitor computer system instead of the administration computer system.
- Figure 21 shows a schematic flow diagram of an exemplary method for replacing an encrypted first copy of the cryptographic key on the server with an encrypted third copy of the cryptographic key.
- the method of Figure 21 is executed, for example, by a management computer system.
- Blocks 870 to 880 of the Figure 21 are identical to blocks 840 to 850 of the Figure 19 .
- the management computer system receives a public cryptographic key generated by the issuer computer system for creating the encrypted third copy of the document's cryptographic key.
- the corresponding cryptographic key is received from the issuer computer system over the network.
- the issuer computer system generates an asymmetric key pair with the corresponding public cryptographic key and a private cryptographic key to replace the previous asymmetric key pair.
- an encrypted third copy of the cryptographic key is created.
- the decrypted second copy of the cryptographic key provided in block 880 is encrypted with the public cryptographic key of the issuer computer system provided in block 882.
- the encrypted third copy of the cryptographic key created in this way is sent from the management computer system to the server via the network in block 886.
- a corresponding storage request is created.
- the corresponding storage request also includes the anonymized file name determined in block 870 under which the first copy of the cryptographic key is stored on the server.
- the server which receives the corresponding storage request then replaces, for example, the encrypted first copy of the cryptographic key stored under the anonymized file name with the encrypted third copy of the cryptographic key received with the storage request.
- the management computer system additionally reads the encrypted digital document from the server in blocks 874, 876 and creates a new data container which includes the encrypted digital document and the encrypted second copy of the cryptographic key as well as the encrypted third copy of the cryptographic key, which replace the previous encrypted first copy of the cryptographic key.
- This newly created data container is sent to the server, for example, with the storage request in block 886, which replaces the previous data container with the new data container.
- the issuing computer system proves, for example, write authorization on the server.
- the corresponding write authorization is proven, for example, in the course of authentication of the management computer system to the server, during which the management computer system presents proof of authorization.
- the corresponding proof of authorization can, for example, be a corresponding certificate of the management computer system.
- Figure 22 shows a schematic flow diagram of another exemplary method for replacing the encrypted first copy of the cryptographic key on the servers with an encrypted third copy of the cryptographic key.
- the method of Figure 11 is carried out by the issuing computer system and follows, for example, the procedure carried out by the administrative computer system of Figure 19 The proceedings of the Figure 19
- the decrypted second copy of the cryptographic key provided is sent by the management computer system to the issuer computer system, for example via an encrypted communication connection.
- the issuer computer system receives the decrypted second copy of the cryptographic key.
- the issuer computer system generates a new asymmetric key pair to replace the previous asymmetric key pair.
- the key pair generated in block 902 is intended to replace a lost or damaged previous asymmetric key pair of the issuer computer system.
- a private cryptographic key of the asymmetric key pair generated in block 902 is stored in a protected memory area of the memory in the issuer computer system.
- an encrypted third copy of the cryptographic key is created.
- the decrypted second copy of the cryptographic key received in block 900 is encrypted with a public cryptographic key of the cryptographic key pair of the issuer computer system generated in block 902.
- an anonymized file name is determined under which the previously encrypted first copy of the cryptographic key is stored on the server.
- a connection is established between the issuer computer system and the server.
- the connection is, for example, an encrypted connection, in particular an end-to-end encrypted connection.
- a storage request is created with the encrypted third copy of the cryptographic key created in block 906 and the anonymized file name determined in block 908.
- the server receives this storage request and, using the anonymized file name, identifies the previous encrypted first copy of the cryptographic key, which is replaced by the newly created encrypted third copy of the cryptographic key. If the previous encrypted first copy of the cryptographic key is stored on the server together with the digital document and the encrypted second copy of the cryptographic key in a common data container on the server, the issuer computer system additionally receives, for example in block 900, the encrypted digital document and the encrypted second copy of the cryptographic key from the management computer system.
- the issuer computer system can read the encrypted digital document and/or the encrypted second copy of the cryptographic key from the server. To do this, the issuer computer system uses, for example, the decrypted second copy of the cryptographic key received in block 900 and the anonymized file name determined in block 908. Using the encrypted digital document and the encrypted second copy of the cryptographic key and the encrypted third copy of the cryptographic key, the issuer computer system can create a new data container, which it sends to the server in block 912 with the storage request to replace the previous data container.
- Figure 23 shows a schematic flow diagram of an exemplary process in the Figure 22 from the server's perspective.
- a connection is established between the issuing computer system and the server.
- the corresponding connection is, for example, an encrypted communication connection, in particular an end-to-end encrypted communication connection.
- the server receives the storage request with the encrypted third copy of the cryptographic key and the anonymized file name under which the encrypted third copy of the cryptographic key is to be stored on the server.
- the corresponding data container to replace the previous data container is received with the storage request.
- the server uses the anonymized file name received in block 922 to identify the previous encrypted first copy of the cryptographic key.
- the previous encrypted first copy identified in block 924 is Copy of the cryptographic key is replaced with the encrypted third copy of the cryptographic key received in block 922.
- the previous data container comprising the encrypted first copy of the cryptographic key is replaced by the data container received in block 922.
- connection establishment in block 920 may be omitted if the connection established in block 860 is maintained.
- Figure 24 shows a schematic flow diagram of an exemplary method for providing a digital document.
- the corresponding digital document is stored on a server in encrypted form and with an anonymized file name.
- There is a physical document which comprises a document body which is labeled with data from the physical document.
- the digital document is a digital copy of the data from the physical document.
- the digital document is signed.
- the data from the physical document comprises an anonymized file name under which the digital document is stored on the server and a cryptographic key with which the encrypted digital document can be decrypted.
- a user computer system receives the anonymized file name and the cryptographic key using the physical document. For example, the reception includes a user input of the anonymized file name and the cryptographic key.
- the physical document can comprise the anonymized file name and the cryptographic key in the form of an optoelectronically readable code which the user computer system can detect using an optoelectronic sensor.
- the user computer system establishes a connection to the server via a network.
- the corresponding connection is, for example, an encrypted communication connection, in particular an end-to-end encrypted communication connection.
- the connection can be established, for example, after the anonymized file name and the cryptographic key have been received. This can be the case, for example, if an optoelectronic code of the physical document is read, which further comprises an identifier of the server for addressing the server.
- the connection can be established before the anonymized file name and the cryptographic document key have been received.
- a website provided by the server which includes a graphical user interface with input fields in which the user of the user computer system must enter the anonymized file name and/or the cryptographic key.
- the document key can also be entered, for example, immediately before decrypting the digital document, ie directly before block 708.
- a read request with the file name is sent to the server via a network.
- the user computer system receives the requested encrypted digital document in block 706, which is decrypted in block 708 using the previously received cryptographic key of the document.
- the decrypted digital document is made available on the user computer system.
- Figure 25 shows the procedure of Figure 24 from the server's perspective.
- a connection is established via the network between the user computer system and the server.
- the server receives a read request from the user computer system with the anonymized file name to identify the digital document to be read.
- the server identifies the digital document to be read and sends it in block 726 in encrypted form to the user computer system in response to the read request received in block 722.
- Figure 26 shows a schematic flow diagram of another exemplary method for providing a digital document.
- the decryption of the encrypted digital document takes place on the server, in contrast to the procedures in Figure 24 , where the decryption takes place on the user computer system.
- Blocks 730 and 732 of the Figure 26 are identical to blocks 700 and 702 of the Figure 24 .
- Block 734 of the Figure 26 corresponds to block 704 of the Figure 24 with the difference that the read request includes the document's cryptographic key in addition to the anonymized file name.
- the connection between the user computer system and the server is an encrypted communication connection, in particular an end-to-end encrypted communication connection.
- Block 736 of the Figure 26 corresponds to block 706 of the Figure 24 with the difference that the user computer system receives the digital document in decrypted form.
- the server uses the block 734 from the cryptographic key to decrypt the digital document stored under the anonymized file name.
- the user computer system makes the received decrypted digital document available for further use.
- Figure 27 shows a schematic flow chart of the exemplary process of Figure 26 from the server's perspective.
- an encrypted communication connection is established between the user computer system and the server.
- the server receives a read request from the user computer system, which anonymized file names for identifying a digital document to be read and a cryptographic key for decrypting the digital document to be read.
- the server identifies the digital document to be read using the received anonymized file name.
- the server decrypts the identified digital document and sends this decrypted digital document to the requesting user computer system in block 748 in response to the read request from block 742.
- Figure 28 shows an exemplary data container 107.
- the data container 107 serves to provide one or more encrypted copies of the cryptographic key for decrypting the digital document.
- the corresponding copies enable a recovery of the cryptographic key for decrypting the digital document.
- the data container 107 comprises a first encrypted copy 126 of the cryptographic key for decrypting the digital document and/or a second encrypted copy 128 of the cryptographic key for decrypting the digital document.
- the first copy 126 is encrypted, for example, with a public cryptographic key of an issuer computer system of an issuer of the digital document.
- the second copy 128 is encrypted, for example, with a public cryptographic key of an administrative computer system of an administrative authority.
- the administrative computer system that is in possession of a private cryptographic key that matches the corresponding public cryptographic key is able to decrypt the second encrypted copy 128 and thus restore the cryptographic key for decrypting the digital document.
- the data container 107 is stored on the server under an anonymized file name 105.
- the anonymized file name 105 is, for example, a file name that can be derived from data associated with the document.
- the data includes personal attributes and/or data of the document.
- the file name can be derived from a combination of data associated with the document using a hash function.
- the data also includes data that is associated with the issuer computer system and/or the management computer system.
- the data also includes data that is only known to the issuer computer system and/or the management computer system.
- the anonymized file name 105 is a hash value of the combination of the holder's first name, last name, date of birth, issuer, year of issue and a serial number.
- the serial number may be necessary, for example, if several documents are issued for the same holder by the same issuer in the same year. Otherwise, the serial number can be omitted, for example.
- a search is to be carried out for a suitable document or a suitable copy for decrypting a digital document, various combinations are checked until a suitable document or a copy of a suitable cryptographic key is found or a predefined maximum serial number is reached.
- Example combinations are: hash function (first name. last name. date of birth. issuer. year), hash function (first name. last name. date of birth. issuer. year.01), hash function (first name. last name. date of birth. issuer. year.02), etc.
- the issuer computer system and/or the management computer system can gain access to the data container 107 and thus to the encrypted copies of the cryptographic key for decrypting the digital document.
- the issuer computer system can use the anonymized file name 105 to gain access to the encrypted first copy 126 and decrypt it with a private cryptographic key of the issuer computer system.
- the issuer computer system gains access to the cryptographic key for decrypting the encrypted digital document.
- the management computer system can use the anonymized file name 105 to gain access to the encrypted second copy 128 and decrypt it with a private cryptographic key of the management computer system.
- the management computer system gains access to the cryptographic key for decrypting the encrypted digital document.
- the encryption of the first copy may also consist of an encryption of the data container 107.
- the data container 107 may be encrypted with the copy using a public cryptographic key of an issuer computer system or an administrative computer system.
- the file container 107 further comprises the encrypted digital document 120.
- the issuer computer system or the management computer system can decrypt the encrypted digital document 120 using the previously obtained cryptographic key for decryption.
- the decrypting issuing computer system or administration computer system can gain access to the digital document in unencrypted form.
- Figure 29 shows an alternative embodiment of an exemplary data container 107.
- the data container 107 in Figure 29 differs from the data container 107 in Figure 28 by the data container 107 in Figure 29 instead of the digital document 120, comprises another anonymized file name 106 under which the encrypted digital document 120 is stored on the server.
- the issuer computer system or management computer system may use the anonymized file name 106 provided by the data container 107 to identify and download the digital document 120 from the server.
- the encrypted digital document 120 may then be decrypted using the previously obtained cryptographic key for decryption.
- This file name 106 could then only be used by participants who have access to it.
- the label on the physical document includes this file name 106.
- a user who has the physical document therefore has access to the file name 106 and therefore to the encrypted digital document 120.
- the physical document also provides this user with the cryptographic key for decrypting the encrypted digital document 120.
- an issuer computer system or an administrative computer system can derive the file name 105 and thus gain access to the data container 107 with the file name 106.
- the data container 107 provides the issuer computer system or administrative computer system with, for example, the cryptographic key for decrypting the encrypted digital document 120 in the form of encrypted copies 126, 128.
- two copies of the encrypted digital document are stored on the server: one under an anonymized file name 106, which can in particular be a non-derivable file name, such as a random number, and one as part of the data container under a derivable anonymized file name 105.
- the server makes the copy under the file name 106 available to users who have the physical document.
- the server makes the other copy under the file name 105 available to an issuing computer system or administrative computer system that does not have access to the physical document.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Claims (15)
- Procédé de récupération d'une première clé cryptographique (108) permettant de déchiffrer un document numérique (120) chiffré par un système informatique émetteur (400) d'un émetteur du document numérique (120),dans lequel le document numérique (120), dans le cas duquel il s'agit d'une copie numérique (122) de données (104) d'un document physique (100, 180), est enregistré sous forme chiffrée sous un premier nom de fichier anonymisé (106) sur un serveur (300), dans lequel une première copie (126) de la première clé cryptographique (108) est en outre enregistrée sous forme chiffrée sous un deuxième nom de fichier anonymisé (105) sur le serveur (300), dans lequel le document numérique (120) chiffré peut être déchiffré moyennant l'emploi de la première clé cryptographique (108), dans lequel la première copie (126) de la première clé cryptographique (108) est chiffrée avec une deuxième clé cryptographique publique (408) d'une deuxième paire de clés asymétrique associée à l'émetteur du document numérique (120),dans lequel le deuxième nom de fichier anonymisé (105) est calculé moyennant l'emploi d'une combinaison d'attributs relatifs à la personne du propriétaire du document numérique (120), sur lesquels est appliquée une fonction unidirectionnelle,dans lequel une deuxième clé cryptographique privée (406) de la deuxième paire de clés asymétrique de l'émetteur est enregistrée dans une zone de mémoire protégée d'une mémoire du système informatique émetteur (400), le procédé comprenant :• la détermination du deuxième nom de fichier anonymisé (105) moyennant l'emploi de la combinaison d'attributs relatifs à la personne du propriétaire du document numérique (120) par le système informatique émetteur (400),• l'établissement d'une première liaison entre le système informatique émetteur (400) et le serveur (300) par le biais d'un réseau (160),• l'envoi d'une demande de lecture pour la lecture de la première copie (126) chiffrée de la première clé cryptographique (108) à partir du système informatique émetteur (400) vers le serveur (300) par le biais de la première liaison, dans lequel la demande de lecture comprend le deuxième nom de fichier anonymisé (105) déterminé pour l'identification de la première copie (126) chiffrée de la première clé cryptographique (108) sur le serveur (300),• en réponse à l'envoi de la demande de lecture, la réception de la première copie (126) chiffrée de la première clé cryptographique (108) par le système informatique émetteur (400) à partir du serveur (300) par le biais de la première liaison,• le déchiffrement de la première copie (126) chiffrée de la première clé cryptographique (108) par le système informatique émetteur (400) moyennant l'emploi de la deuxième clé cryptographique privée (406).
- Procédé selon la revendication 1, dans lequel les données (104) du document physique (100) comprennent le premier nom de fichier anonymisé (106), sous lequel le document numérique (120) est enregistré sous forme chiffrée sur un serveur (300), et la première clé cryptographique (108) destinée à déchiffrer le document numérique (120) chiffré.
- Procédé selon l'une des revendications précédentes, dans lequel la récupération de la première clé cryptographique (108) a lieu suite à la réception d'une déclaration de perte concernant une perte du document physique (100, 180) par le système informatique émetteur (400) à partir d'un système informatique d'utilisateur (200), et/oudans lequel, dans le cas de la première liaison, il s'agit d'une liaison de communication chiffrée, et/oudans lequel le système informatique émetteur (400) envoie la première copie (126) déchiffrée de la première clé cryptographique (108) au système informatique d'utilisateur (200) par le biais d'une deuxième liaison, dans lequel, dans le cas de la deuxième liaison, il s'agit d'une liaison de communication chiffrée.
- Procédé selon l'une des revendications précédentes, dans lequel une lecture du document numérique (120) chiffré est également demandée avec la demande de lecture envoyée, dans lequel le document numérique (120) chiffré est reçu conjointement avec la première copie (126) chiffrée de la première clé cryptographique (108) par le système informatique émetteur (400).
- Procédé selon la revendication 4, dans lequel le document numérique (120) chiffré est envoyé conjointement avec la première copie déchiffrée de la première clé cryptographique (108) au système informatique d'utilisateur (200).
- Procédé selon la revendication 4, dans lequel le document numérique (120) chiffré est déchiffré par le système informatique émetteur (400) moyennant l'emploi de la première copie (126) déchiffrée de la première clé cryptographique (108).
- Procédé selon la revendication 6, dans lequel le procédé comprend en outre la création d'une reproduction physique (101, 181) du document numérique (120), laquelle reproduction comprend un corps de document (103, 183), dans lequel la création de la reproduction physique (101, 181) comprend une inscription dans le corps de document (103, 183) de données (112, 186) de la reproduction physique (101, 181), lesquelles sont fournies moyennant l'emploi de la copie de données (122) numérique fournie à partir du document numérique (120) déchiffré.
- Procédé selon la revendication 7, dans lequel le corps de document (103) de la reproduction physique (101), en plus des données de la copie de données (122) numérique, a également, inscrits dans celui-ci, un troisième nom de fichier anonymisé (116) et une troisième clé cryptographique (118), ou
dans lequel le procédé comprend en outre la création d'un troisième document physique (190), lequel comprend un corps de document (192), dans lequel la création du troisième document physique (190) comprend une inscription dans le corps de document (192) du troisième document physique (190) de données (194), lesquelles comprennent le troisième nom de fichier (116) anonymisé et la troisième clé cryptographique (118). - Procédé selon la revendication 8, dans lequel le procédé comprend en outre :• la création d'une reproduction numérique (121) par le système informatique émetteur (400), dans lequel, dans le cas de la reproduction numérique (121), il s'agit d'une copie numérique (124) des données (112, 186) de la reproduction physique (101, 181),• le chiffrement de la reproduction numérique (121) par le système informatique émetteur (400), dans lequel la reproduction numérique (121) chiffrée peut être déchiffrée moyennent l'emploi de la troisième clé cryptographique (118),• la mise en place d'une troisième liaison entre le système informatique émetteur (400) et le serveur (300) par le biais du réseau (160),• l'envoi d'une demande d'enregistrement avec la reproduction numérique (121) chiffrée pour enregistrer la reproduction numérique (121) chiffrée sur le serveur (300) à partir du système informatique émetteur (400) vers le serveur (300) par le biais de la troisième liaison, dans lequel la demande d'enregistrement comprend le troisième nom de fichier anonymisé (116) pour l'emploi par le serveur (300) lors de l'enregistrement de la reproduction numérique (121) chiffrée.
- Procédé selon l'une des revendications précédentes, dans lequel les attributs relatifs à la personne comprennent : un prénom, un nom, une date de naissance et/ou un lieu de naissance du propriétaire du document numérique (120), et/oudans lequel la combinaison d'attributs relatifs à la personne du propriétaire du document numérique (120) est en outre complétée par une valeur d'ID de document avant l'application de la fonction unidirectionnelle, et/oudans lequel la combinaison d'attributs du propriétaire du document numérique (120) est en outre complétée par un secret de l'émetteur avant l'application de la fonction unidirectionnelle, et/oudans lequel la demande de lecture comprend en outre un ID d'émetteur et/ou une indication d'une période d'émission pendant laquelle le document physique (100, 180) a été émis, pour l'identification du document numérique (120) sur le serveur (300).
- Procédé selon l'une des revendications précédentes, dans lequel une deuxième copie (128) de la première clé cryptographique (108) est également enregistrée sous le deuxième nom de fichier anonymisé (105) sur le serveur (300), dans lequel la deuxième copie (128) de la première clé cryptographique (108) est enregistrée chiffrée avec une quatrième clé cryptographique publique (508) d'une quatrième paire de clés asymétrique associée à une instance de gestion, dans lequel le procédé comprend en outre la récupération de la première clé cryptographique (108) par un système informatique de gestion de l'instance de gestion, dans lequel une quatrième clé cryptographique privée (506) de la quatrième paire de clés asymétrique de l'instance de gestion est enregistrée dans une zone de mémoire protégée d'une mémoire du système informatique de gestion, dans lequel la récupération comprend :• la détermination du deuxième nom de fichier anonymisé (105) moyennant l'emploi de la combinaison d'attributs relatifs à la personne du propriétaire du document numérique (120) par le système informatique de gestion,• la mise en place d'une quatrième liaison entre le système informatique de gestion et le serveur (300) par le biais du réseau (160),• l'envoi d'une demande de lecture pour lire la deuxième copie (128) chiffrée de la première clé cryptographique (108) à partir du système informatique de gestion vers le serveur (300) par le biais de la quatrième liaison, dans lequel la demande de lecture comprend le deuxième nom de fichier anonymisé (105) déterminé pour l'identification de la deuxième copie (128) chiffrée de la première clé cryptographique (108) sur le serveur (300),• en réponse à l'envoi de la demande de lecture, la réception de la deuxième copie (128) chiffrée de la première clé cryptographique (108) par le système informatique de gestion à partir du serveur (300) par le biais de la quatrième liaison,• le déchiffrement de la deuxième copie (128) chiffrée de la première clé cryptographique (108) par le système informatique de gestion moyennant l'emploi de la quatrième clé cryptographique privée (506).
- Procédé selon l'une des revendications précédentes, dans lequel le procédé comprend en outre une fourniture du document numérique (120) sur le système informatique d'utilisateur (200) moyennant l'emploi du document physique sous la forme d'un premier document physique (100), dans lequel le premier document physique (100) comprend un corps de document (102) où sont inscrites des données (104), dans lequel les données (104), inscrites dans le corps de document (102) du premier document (100), comprennent le premier nom de fichier anonymisé (106) et la première clé cryptographique (108),
dans lequel la fourniture comprend :• la réception du premier nom de fichier anonymisé (106) et de la première clé cryptographique (108) fournis à partir du premier document physique (100) par le système informatique d'utilisateur (200),• la mise en place d'une liaison supplémentaire par le biais d'un réseau (160) entre le système informatique d'utilisateur (200) et le serveur (300),• l'envoi d'une demande de lecture pour lire le document numérique (120) à partir du système informatique d'utilisateur (200) par le biais de la liaison supplémentaire vers le serveur (300), dans lequel la demande de lecture comprend le premier nom de fichier anonymisé (106) reçu pour l'identification du document numérique (120) sur le serveur (300),• en réponse à l'envoi de la demande de lecture, la réception du document numérique (120) par le système informatique d'utilisateur (200) à partir du serveur (300) par le biais de la liaison supplémentaire,• la fourniture du document numérique (120) sous forme déchiffrée sur l'ordinateur d'utilisateur (200), dans lequel le document numérique (120) est déchiffré moyennant l'emploi de la première clé cryptographique (108) reçue. - Système informatique émetteur (400) d'un émetteur d'un document numérique (120) destiné à récupérer une clé cryptographique (108) pour déchiffrer le document numérique (120) chiffré, dans lequel le système informatique émetteur (400) comprend un processeur (410), une interface de communication (414) permettant la communication par le biais du réseau (160), et une mémoire (402), dans lequel des instructions de programme (412) sont enregistrées dans la mémoire (402) du système informatique émetteur (400),dans lequel le document numérique (120), chez lequel il s'agit d'une copie numérique (122) de données (104) d'un document physique (100, 180), est enregistré sous forme chiffrée sous un premier nom de fichier anonymisé (106) sur un serveur (300), dans lequel une première copie (126) de la clé cryptographique (108) permettant le déchiffrement du document numérique (120) est en outre enregistrée sous forme chiffrée sous un deuxième nom de fichier anonymisé (105) sur le serveur (300), dans lequel le document numérique (120) chiffré peut être déchiffré moyennant l'emploi de la clé cryptographique (108), dans lequel la première copie (126) de la clé cryptographique (108) pour déchiffrer le document numérique (120) est chiffrée avec une clé cryptographique publique (408) d'une paire de clés asymétrique associée à l'émetteur du document numérique (120),dans lequel le deuxième nom de fichier anonymisé (105) est calculé moyennant l'emploi d'une combinaison d'attributs relatifs à la personne du propriétaire du document numérique (120), sur lesquels est appliquée une fonction unidirectionnelle,dans lequel une clé cryptographique privée (406) de la paire de clés asymétrique de l'émetteur est enregistrée dans une zone de mémoire (404) protégée de la mémoire (402) du système informatique émetteur (400),dans lequel une exécution des instructions de programme (412) par le processeur (410) du système informatique émetteur (400) commande au système informatique émetteur (400) d'exécuter un procédé, lequel comprend :• la détermination du deuxième nom de fichier anonymisé (105) moyennant l'emploi de la combinaison d'attributs relatifs à la personne du propriétaire du document numérique (120),• la mise en place d'une liaison avec le serveur (300) par le biais du réseau (160),• l'envoi d'une demande de lecture pour la lecture de la première copie (126) chiffrée de la clé cryptographique (108) permettant le déchiffrement du document numérique (120) par le biais de la liaison vers le serveur (300), dans lequel la demande de lecture comprend le deuxième nom de fichier anonymisé (105) déterminé pour l'identification de la première copie (126) chiffrée de la clé cryptographique (108) permettant le déchiffrement du document numérique (120) sur le serveur (300),• en réponse à l'envoi de la demande de lecture, la réception de la première copie (126) chiffrée de la clé cryptographique (108) pour déchiffrer le document numérique (120) par le biais de la liaison,• le déchiffrement de la première copie (126) chiffrée de la clé cryptographique (108) permettant le déchiffrement du document numérique (120) moyennant l'emploi de la deuxième clé cryptographique privée (406).
- Système (150) destiné à récupérer une clé cryptographique (108) pour déchiffrer un document numérique (120) chiffré, dans lequel le système (150) comprend un système informatique émetteur selon la revendication 13 et un serveur (300), dans lequel le serveur (300) comprend un processeur (304), une interface de communication (308) permettant la communication par le biais du réseau (160), et une mémoire (302), dans lequel des instructions de programme (306) sont enregistrées dans la mémoire (302) du serveur (300),
dans lequel une exécution des instructions de programme (306) par le processeur (304) du serveur (300) commande le serveur (300) pour exécuter un procédé, lequel comprend :• la mise en place d'une liaison avec le serveur (300) par le biais du réseau (160),• la réception de la demande de lecture du système informatique émetteur (400) pour lire la première copie (126) chiffrée de la clé cryptographique (108) permettant de déchiffrer le document numérique (120) par le biais de la liaison, dans lequel la demande de lecture comprend le deuxième nom de fichier anonymisé (105) déterminé permettant l'identification de la première copie (126) chiffrée de la clé cryptographique (108) pour déchiffrer le document numérique (120) sur le serveur (300),• l'identification de la première copie (126) chiffrée de la clé cryptographique (108) pour déchiffrer le document numérique (120) sur le serveur (300) moyennant l'emploi du deuxième nom de fichier anonymisé (105),• en réponse à la réception de la demande de lecture, l'envoi de la première copie (126) chiffrée de la clé cryptographique (108) pour déchiffrer le document numérique (120) vers le système informatique émetteur (400) par le biais de la liaison. - Système (150) selon la revendication 14, dans lequel le système (150) comprend en outre un système informatique de gestion (500) d'une instance de gestion, dans lequel le système informatique de gestion (500) comprend un processeur (510), une interface de communication (514) permettant la communication par le biais du réseau (160), et une mémoire (502), dans lequel des instructions de programme (512) sont enregistrées dans la mémoire (502) du système informatique de gestion (500),dans lequel une deuxième copie (128) de la clé cryptographique (108) pour déchiffrer le document numérique (120) est également enregistrée sur le serveur (300) sous le deuxième nom de fichier anonymisé (105), dans lequel la deuxième copie (128) de la clé cryptographique (108) pour déchiffrer le document numérique (120) est enregistrée chiffrée avec une clé cryptographique publique (508) d'une paire de clés asymétrique d'une instance de gestion, dans lequel une clé cryptographique privée (506) de la paire de clés cryptographiques asymétrique de l'instance de gestion est enregistrée dans une zone de mémoire protégée (504) d'une mémoire (502) d'un système informatique de gestion (500),dans lequel une exécution des instructions de programme (512) par le processeur (510) du système informatique de gestion (500) commande au système informatique de gestion (500) d'exécuter un procédé, lequel comprend :• la détermination du deuxième nom de fichier anonymisé (105) moyennant l'emploi de la combinaison d'attributs relatifs à la personne du propriétaire du document numérique (120),• la mise en place d'une liaison avec le serveur (300) par le biais d'un réseau (160),• l'envoi d'une demande de lecture pour la lecture de la deuxième copie (128) chiffrée de la clé cryptographique (108) pour déchiffrer le document numérique (120) vers le serveur (300) par le biais de la liaison, dans lequel la demande de lecture comprend le deuxième nom de fichier anonymisé (105) déterminé pour identifier la deuxième copie (128) chiffrée de la clé cryptographique (108) pour déchiffre le document numérique (120) sur le serveur (300),• en réponse à l'envoi de la demande de lecture, la réception de la deuxième copie (128) chiffrée de la clé cryptographique (108) pour déchiffrer le document numérique (120) par le système informatique de gestion (500) par le biais de la liaison,• le déchiffrement de la deuxième copie (128) chiffrée reçue de la clé cryptographique (108) pour déchiffrer le document numérique (120) moyennant l'emploi de la clé cryptographique privée (506) de l'instance de gestion, et/oudans lequel le système (150) comprend en outre un système informatique d'utilisateur (200) pour fournir le document numérique (120) moyennant l'emploi du document physique sous la forme d'un premier document physique (100), dans lequel le système informatique d'utilisateur (200) comprend un processeur (204), une interface de communication (210) permettant la communication par le biais d'un réseau (160), et une mémoire (202), dans lequel des instructions de programme (206) sont enregistrées dans la mémoire (202) du système informatique d'utilisateur (200),dans lequel le premier document physique (100) comprend un corps de document (102) où sont inscrites des données (104), dans lequel les données (104) inscrites dans le corps de document (102) du premier document (100), comprennent le nom de fichier anonymisé (106) et la clé cryptographique (108),dans lequel une exécution des instructions de programme (206) par le processeur (204) du système informatique d'utilisateur (200) commande le système informatique d'utilisateur (200) pour exécuter un procédé, lequel comprend :• la réception du nom de fichier anonymisé (106), sous lequel le document numérique (120) est enregistré sous forme chiffrée sur le serveur (300), et de la clé cryptographique (108) permettant le déchiffrement du document numérique (120) pour déchiffrer le document numérique (120) chiffré, fourni sous la forme d'une partie des données (104) inscrites dans le corps de document (102) du premier document physique (100),• la mise en place d'une liaison avec le serveur (300) par le biais d'un réseau (160),• l'envoi d'une demande de lecture pour lire le document numérique (120) par le biais de la liaison vers le serveur (300), dans lequel la demande de lecture comprend le nom de fichier anonymisé (106) reçu pour l'identification du document numérique (120) sur le serveur (300),• en réponse à l'envoi de la demande de lecture, la réception du document numérique (120) à partir du serveur (300) par le biais de la liaison,• la fourniture du document numérique (120) sous forme déchiffrée sur l'ordinateur d'utilisateur (200), dans lequel le document numérique (120) est déchiffré moyennant l'emploi de la clé cryptographique (108) reçue pour déchiffrer le document numérique (120).
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| DE102021127976.3A DE102021127976B4 (de) | 2021-10-27 | 2021-10-27 | Wiederherstellen eines kryptografischen Schlüssels |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| EP4174703A1 EP4174703A1 (fr) | 2023-05-03 |
| EP4174703B1 true EP4174703B1 (fr) | 2024-09-18 |
Family
ID=83692995
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP22201575.2A Active EP4174703B1 (fr) | 2021-10-27 | 2022-10-14 | Récupération de clé cryptographique |
Country Status (2)
| Country | Link |
|---|---|
| EP (1) | EP4174703B1 (fr) |
| DE (1) | DE102021127976B4 (fr) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117560147B (zh) * | 2023-11-29 | 2025-04-08 | 海光信息技术股份有限公司 | 密码配置方法、密码服务方法及其相关设备 |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH1127253A (ja) | 1997-07-07 | 1999-01-29 | Hitachi Ltd | 鍵回復システム、鍵回復装置、鍵回復プログラムを記憶した記憶媒体、および鍵回復方法 |
| US8037310B2 (en) * | 2004-11-30 | 2011-10-11 | Ricoh Co., Ltd. | Document authentication combining digital signature verification and visual comparison |
| EP1908249B1 (fr) | 2005-07-27 | 2012-08-15 | International Business Machines Corporation | Systemes et procedes de delivrance securisee de fichiers a des destinataires autorises |
| EP1984866B1 (fr) * | 2006-02-07 | 2011-11-02 | Nextenders (India) Private Limited | Système de gestion de sécurité de documents |
| GB2446173A (en) * | 2007-01-30 | 2008-08-06 | Hewlett Packard Development Co | Key management for secure data backup |
| US8166313B2 (en) | 2008-05-08 | 2012-04-24 | Fedtke Stephen U | Method and apparatus for dump and log anonymization (DALA) |
| WO2014018614A2 (fr) | 2012-07-27 | 2014-01-30 | Safelyfiled.Com, Llc | Système pour l'organisation unifiée, le stockage sécurisé et l'extraction sécurisée de documents numériques et papiers |
| US9369287B1 (en) | 2015-01-27 | 2016-06-14 | Seyed Amin Ghorashi Sarvestani | System and method for applying a digital signature and authenticating physical documents |
| DE102016220656A1 (de) | 2016-10-21 | 2018-04-26 | Bundesdruckerei Gmbh | Bereitstellung und Prüfung der Gültigkeit eines virtuellen Dokuments |
-
2021
- 2021-10-27 DE DE102021127976.3A patent/DE102021127976B4/de active Active
-
2022
- 2022-10-14 EP EP22201575.2A patent/EP4174703B1/fr active Active
Also Published As
| Publication number | Publication date |
|---|---|
| DE102021127976B4 (de) | 2024-05-02 |
| EP4174703A1 (fr) | 2023-05-03 |
| DE102021127976A1 (de) | 2023-04-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| DE60211841T2 (de) | Vorrichtung zur Aktualisierung und zum Entzug der Gültigkeit einer Marke in einer Infrastruktur mit öffentlichen Schlüsseln | |
| EP3596653B1 (fr) | Émission de documents virtuels dans une chaîne de blocs | |
| EP3318999B1 (fr) | Procédé de délivrance d'une version virtuelle d'un document | |
| DE3841393C2 (de) | Zuverlässiges System zur Feststellung der Dokumentenechtheit | |
| EP2454704B1 (fr) | Methode pour lir des attributes de un jeton d'identite | |
| EP3319006B1 (fr) | Procédé de contrôle d'authenticité hors ligne d'un document virtuel | |
| DE69013541T2 (de) | Kryptosystem mit öffentlichem Schlüssel und/oder Unterschrift und mit digitaler Unterschriftsbeglaubigung. | |
| DE10328328B4 (de) | Produktschutz-Portal und Verfahren zur Echtheitsprüfung von Produkten | |
| EP3913886B1 (fr) | Émission des documents numériques à une chaine de blocs | |
| EP1944716B1 (fr) | Procédé et dispositif de sécurisation d'un document comportant une signature apposée et des données biométriques dans un système informatique | |
| DE60125405T2 (de) | Selbstauthentifikation von wertdokumenten mittels digitaler unterschriften | |
| DE10134682B4 (de) | Verfahren und Vorrichtung zur Bestätigung der Echtheit eines Dokumentes und elektronischer Tresor zur Speicherung der Daten | |
| DE102009046205B4 (de) | Verfahren zur Erzeugung einer Web-Seite | |
| EP3814970B1 (fr) | Émission et mise en mémoire inviolables de certificats électroniques | |
| DE102009027682A1 (de) | Verfahren zur Erzeugung eines Soft-Tokens | |
| EP3261011A1 (fr) | Procédé de lecture d'attributs à partir d'un jeton d'identification | |
| EP3497615B1 (fr) | Procédé de signature électronique manuscrite | |
| EP4174703B1 (fr) | Récupération de clé cryptographique | |
| EP1631873A1 (fr) | Procede de production et de verification d'une caracteristique d'authenticite d'un document | |
| EP3289509B1 (fr) | Procédé pour produire une signature électronique | |
| DE602005006407T2 (de) | Methode und System zur Signierung von physischen Dokumenten und zur Authentisierung von Signaturen auf physischen Dokumenten | |
| EP3362999B1 (fr) | Procédé de vérification d'un document, document et système informatique | |
| EP4174700A1 (fr) | Fourniture d'un document numérique | |
| EP3248357B1 (fr) | Jeton de certificat permettant de mettre à disposition un certificat numérique d'un utilisateur | |
| EP3248356B1 (fr) | Jeton de certificat permettant de mettre à disposition un certificat numérique d'un utilisateur |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED |
|
| AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC ME MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
| P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230526 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
| 17P | Request for examination filed |
Effective date: 20231103 |
|
| RBV | Designated contracting states (corrected) |
Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC ME MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
| GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
| RIC1 | Information provided on ipc code assigned before grant |
Ipc: G06F 21/62 20130101AFI20240320BHEP |
|
| INTG | Intention to grant announced |
Effective date: 20240409 |
|
| GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
| GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
| AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC ME MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
| REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D Free format text: NOT ENGLISH |
|
| REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
| REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 502022001698 Country of ref document: DE |
|
| REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D Free format text: LANGUAGE OF EP DOCUMENT: GERMAN |
|
| REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG9D |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20241218 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20241219 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20241218 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20241218 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20241218 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20241219 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250118 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250120 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 502022001698 Country of ref document: DE |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20241014 Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20241031 |
|
| PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
| REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20241031 |
|
| 26N | No opposition filed |
Effective date: 20250619 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20240918 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20241014 |
|
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20251020 Year of fee payment: 4 |
|
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: AT Payment date: 20260113 Year of fee payment: 4 |
|
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20251029 Year of fee payment: 4 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20221014 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20221014 |